Server security event auditing method based on flow data analysis

A technology for server security and traffic data, applied to server security event auditing based on traffic data analysis. It addresses the problems of low security event audit efficiency and reduced server security performance, so as to improve security performance, avoid security risks, and strengthen the server system.

Pending Publication Date: 2021-01-22
厦门美域中央信息科技有限公司

AI Technical Summary

Problems solved by technology

[0004] Existing server security event auditing generally relies on inspecting security log records, which requires users to check the security log manually to learn the current security status. This makes security event auditing inefficient and reduces the security performance of the server.

Examples

Embodiment 1

[0033] The server security event auditing method based on traffic data analysis proposed by the present invention has the following steps:

[0034] S1. Establish a third-party server security event audit system;

[0035] S2. Synchronously mirror the real-time traffic data of the server to the third-party server security event audit system, and back it up;

[0036] S3. Collect, classify and analyze the characteristic data flow of the traffic data, and generate corresponding monitoring nodes for each group of characteristic data;

[0037] S4. The monitoring node monitors and observes the flow trajectory of the characteristic data stream throughout the whole process, and when a suspicious process and connection occur, locates and tracks them with the cooperation of the packet capture tool;

[0038] S5. The third-party server security event audit system analyzes the suspicious behavior, quantifies its impact, predicts the security risk of the suspicious data flow, and then classifies...
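An added sketch of steps S3 to S5, written for this page and not taken from the patent: it sorts mirrored flow records into characteristic groups, gives each group a monitoring node, and grades deviations into risk levels. The grouping key, thresholds, scoring weights, addresses and sample flows are all assumptions made for the example.

```python
from statistics import median

SERVER = "192.0.2.10"        # assumed address of the audited server
EXPECTED_OUT = {53, 123}     # assumed ports the server may initiate connections to
WARMUP = 3                   # flows a node sees before it judges volume (assumed)

# Constructed mirrored flow records: (src, dst, dst_port, proto, bytes)
FLOWS = [
    ("198.51.100.7", SERVER, 443, "tcp", 1500),
    ("198.51.100.8", SERVER, 443, "tcp", 1800),
    ("198.51.100.9", SERVER, 443, "tcp", 1600),
    ("198.51.100.7", SERVER, 443, "tcp", 1700),
    ("198.51.100.8", SERVER, 443, "tcp", 40000),     # about 24x the group's median
    (SERVER, "203.0.113.5", 53, "udp", 90),
    (SERVER, "203.0.113.66", 4444, "tcp", 5000),     # server-initiated, unexpected port
]

class MonitorNode:
    """One node per characteristic group (S3); follows that group's flows (S4)."""
    def __init__(self):
        self.sizes = []

    def observe(self, nbytes):
        base = median(self.sizes) if len(self.sizes) >= WARMUP else None
        self.sizes.append(nbytes)
        return nbytes / base if base else 0.0     # ratio to the group's baseline

def risk_level(key, ratio):
    """S5 with assumed weights: quantify the deviation, then classify it."""
    proto, port, direction = key
    score = (ratio > 10) + (ratio > 100)
    score += 2 * (direction == "out" and port not in EXPECTED_OUT)
    return ("none", "low", "medium", "high")[min(score, 3)]

def audit(flows):
    nodes, findings = {}, []
    for src, dst, port, proto, nbytes in flows:
        direction = "out" if src == SERVER else "in"
        key = (proto, port, direction)            # characteristic group
        ratio = nodes.setdefault(key, MonitorNode()).observe(nbytes)
        level = risk_level(key, ratio)
        if level != "none":
            findings.append((key, src, dst, level))
    return nodes, findings
```

Because the allow-list check does not depend on a baseline, a server-initiated connection to an unexpected port is graded on its first flow, while volume anomalies are only judged once a group has passed its warm-up.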

Embodiment 2

[0045] As shown in Figure 1, the present invention further proposes a third-party server security event audit system. The system includes a security event recording module, a backup module, an image generation module, a monitoring module, a traffic data collection module, a packet capture module, an analysis module, a defense module and an automatic check module.

[0046] In an optional embodiment, the image generation module, the packet capture module, the defense module, and the self-checking module are connected to the server through a network; the backup module, the monitoring module, the traffic data collection module, and the analysis module are all connected to the image generation module through the network; the analysis module is also connected to the packet capture module through the network; and the packet capture module is also connected to the defense module and the self-checking module through the network.

[0047] In an optional embodiment, the analysis modul...


Abstract

In the server security event auditing method based on traffic data analysis, the real-time traffic data of the server is synchronously mirrored to the third-party server security event auditing system, so that traffic data is not analyzed directly on the server and the security of the traffic data is ensured. The traffic data in the third-party server security event auditing system is monitored, observed, located and tracked. When abnormal data occurs, on the one hand the defense module judges the defense category according to the risk level and generates the corresponding defense behavior, so that security events are resolved quickly and the security of the server system is protected; on the other hand the self-checking module carries out self-checking of the corresponding level according to the risk level, so that the security performance of the server is gradually improved, security events of the same type are effectively prevented from happening again, and the security performance of the server system is improved.

Description

Technical field

[0001] The invention relates to the field of server security, in particular to a server security event audit method based on traffic data analysis.

Background technique

[0002] A server is a type of computer that runs faster, has a higher load, and is more expensive than a normal computer. The server provides computing or application services for other clients (such as PCs, smart phones, terminals such as ATMs, and even large-scale equipment such as train systems) in the network. The server has high-speed CPU computing power, long-term reliable operation, powerful I/O external data throughput and better scalability. According to the services provided by the server, generally speaking, the server has the ability to respond to service requests, undertake services, and guarantee services.

[0003] With the rapid development of Internet technology, server security problems are becoming more and more serious. Various network attacks such as network viruses, mal...


Application Information

Patent Type & Authority Applications(China)
IPC(8): G06F21/57, H04L29/06, H04L29/08
CPC: G06F21/577, H04L67/1095, H04L63/1425, H04L63/1416, H04L63/1441, G06F2221/034
Inventor 张晶刘家祥黄建福石小川肖清林陈瑜靓赵昆杨黄靓陈鹭菲王榕腾杜鑫杨国林刘健养
Owner 厦门美域中央信息科技有限公司