APT attack scene recovery detection method and system based on multi-source log correlation analysis

A correlation-analysis and attack-scenario technology, applied in the field of network security, which addresses problems such as poor APT attack detection performance and achieves simple construction and strong applicability.
CN112333195B · Active · Publication Date: 2021-11-30 · XIDIAN UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
XIDIAN UNIV
Publication Date
2021-11-30

Figures

[Figure 1, Figure 2, Figure 3: patent drawings not reproduced in the text]

Abstract

An APT attack scene recovery detection method and system based on multi-source log correlation analysis. The detection method includes collecting multi-source logs from hosts, setting new characteristic parameters, using relationship vectors to correlate all log entries, treating each log entry as a node in a network and the relationship between log entries as the edge between nodes, constructing an undirected weighted complex network graph, and using the label propagation algorithm to cluster and identify events. Logs and events are then arranged into a long sequence in chronological order to mine the logical and temporal relationships among events; an initial sub-partition graph is generated and continuously optimized to obtain the scene graph. The vector representations of the vertices and edges of the scene graph are then learned and clustered, and the new edges and vertices of the updated scene graph are checked for anomalies; after detection is completed, the clustering state is updated in preparation for subsequent detection. The invention can comprehensively and accurately restore the attack scene, avoid both a high false alarm rate and missed detections, and efficiently detect APT attacks.
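As an added illustration (not the patent's own code), the first stage of the method described above, correlating log entries through relationship vectors into a weighted undirected graph and clustering them into events with label propagation, written in Python. The features in the relationship vector, their weights, the time window and the sample log entries are assumptions chosen for the example.

```python
from collections import Counter
# Constructed sample entries from three log sources on two hosts; "ts" is seconds.
LOGS = [
    {"id": 0, "src": "auth", "ts": 100, "host": "h1", "user": "bob", "proc": "sshd"},
    {"id": 1, "src": "proc", "ts": 105, "host": "h1", "user": "bob", "proc": "bash"},
    {"id": 2, "src": "proc", "ts": 110, "host": "h1", "user": "bob", "proc": "curl"},
    {"id": 3, "src": "net", "ts": 112, "host": "h1", "user": "bob", "proc": "curl"},
    {"id": 4, "src": "auth", "ts": 900, "host": "h2", "user": "alice", "proc": "sshd"},
    {"id": 5, "src": "proc", "ts": 903, "host": "h2", "user": "alice", "proc": "bash"},
]

def relation_vector(a, b, window=60):
    """Assumed relationship vector: same host, same user, same process, close in time."""
    return (int(a["host"] == b["host"]), int(a["user"] == b["user"]),
            int(a["proc"] == b["proc"]), int(abs(a["ts"] - b["ts"]) <= window))

def build_graph(logs, weights=(1.0, 1.0, 2.0, 3.0)):
    """Undirected weighted graph: weight is the weighted relationship sum; no edge outside the window."""
    adj = {e["id"]: {} for e in logs}
    for i, a in enumerate(logs):
        for b in logs[i + 1:]:
            r = relation_vector(a, b)
            if r[3]:
                w = sum(f * wt for f, wt in zip(r, weights))
                adj[a["id"]][b["id"]] = adj[b["id"]][a["id"]] = w
    return adj

def label_propagation(adj, rounds=20):
    """Adopt the neighbour label with the largest summed weight; ties take the smallest label."""
    labels = {n: n for n in adj}
    for _ in range(rounds):
        changed = False
        for n in sorted(n for n in adj if adj[n]):
            score = Counter()
            for m, w in adj[n].items():
                score[labels[m]] += w
            new = min(lab for lab, s in score.items() if s == max(score.values()))
            if new != labels[n]:
                labels[n], changed = new, True
        if not changed:
            break
    return labels

def events(logs):
    """Group log ids into events, one cluster per propagated label."""
    groups = {}
    for n, lab in label_propagation(build_graph(logs)).items():
        groups.setdefault(lab, []).append(n)
    return sorted(sorted(g) for g in groups.values())
```

On the sample data the ssh login, shell and curl activity on h1 collapse into one event and the unrelated h2 login into another; entries more than the window apart never share an edge, so they cannot be merged by propagation.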

Description

Technical field

[0001] The invention belongs to the field of network security, and in particular relates to an APT attack scene restoration detection method and system based on correlation analysis of multi-source logs.

Background technique

[0002] With the rapid development of computer information technology, people rely more and more on the network for information transmission and interaction. However, incidents that threaten network security occur frequently and have seriously affected the information security of society as a whole and of individuals. It is reported that, on average, an Internet computer intrusion event occurs every 20 seconds around the world. In order to protect network security, devices such as firewalls and intrusion detection systems have appeared on the market. These devices perform rule matching based on specific parameters in network data packets, and can only raise alarms and block behaviors that violate existing rules, which involves a certain lag. Especially f...

Claims
