
Security policy self-feedback method based on security log association analysis

Correlation analysis and security policy technology, applied in the field of network information security, that addresses problems such as inconsistent log formats across business protection systems, difficulty automating security policies, and a high false-positive rate in alarm notifications.

Active Publication Date: 2021-03-09
CHINA INFORMATION CONSULTING & DESIGNING INST CO LTD

AI Technical Summary

Problems solved by technology

[0002] In an enterprise network, a variety of security products, such as intrusion detection systems, anti-virus systems and firewall systems, are usually deployed to keep the system running safely. The application services themselves also collect security-related log information. Because the log formats of the various business protection systems are not uniform, the volume of log information is very large and processing is not timely, this information can usually be used only for post-event analysis. Even where individual security protection systems provide real-time alarm notifications, the false alarm rate is high, and most of the alarm information is not what security technicians care about. In addition, the security systems are independent of one another and their log alarm information is not correlated, so it is difficult to automate the configuration of security policies.


Examples


Embodiment Construction

[0063] In order to make the above objects, features and advantages of the present invention more comprehensible, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0064] The embodiment of the present invention discloses a security policy self-feedback method based on correlation analysis of security logs. The method applies to scenarios in which multiple network security protection devices work together in an enterprise. With this method, multiple independent network security protection devices form a network security protection system with self-control and self-feedback capabilities that can automatically respond to external attacks and threats and issue security policies. To protect their networks, enterprises usually purchase multiple network security protection devices, such as intrusion detection devices, firewalls, security auditing, anti-virus...


Abstract

The invention provides a security policy self-feedback method based on security log association analysis. The method comprises the following steps: first, creating a security log information acquisition program, message queues, and consumption services in one-to-one correspondence with the message queues; creating an event stream processing engine and various rules; registering the security log information and associating the event type with a rule; packaging the original security log information into an event, inputting the event into the event stream processing engine, and matching a log analysis rule; inputting the analyzed log information into the event stream processing engine, matching a log association analysis rule, and generating association analysis log information; inputting the association analysis log information into the event stream processing engine, matching a security policy instruction generation rule, generating security policy instruction information, and outputting it to a security policy issuing instruction message queue; and finally, issuing the security policy change instruction to the corresponding network security protection equipment to change the security protection policy. Compared with the prior art, log analysis efficiency is higher and security policies are issued automatically.
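The pipeline in the abstract (queue, log analysis rule, association rule, policy instruction rule, issuing queue), sketched as an added example; it is not code from the patent. The log formats, field names, 60-second window, deny threshold and `block_ip` instruction are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample logs in two made-up device formats (not from the patent).
RAW_LOGS = [
    ("ids", "1615280000|ALERT|sql-injection|src=203.0.113.7|dst=10.0.0.5"),
    ("fw",  "ts=1615280010 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22"),
    ("fw",  "ts=1615280020 action=deny src=203.0.113.7 dst=10.0.0.6 dport=3389"),
    ("fw",  "ts=1615280030 action=deny src=198.51.100.9 dst=10.0.0.5 dport=80"),
    ("ids", "1615290000|ALERT|port-scan|src=198.51.100.9|dst=10.0.0.5"),
]

def parse_ids(raw):  # hypothetical log analysis rule for the IDS format
    ts, _, sig, src, dst = raw.split("|")
    return {"ts": int(ts), "kind": "alert", "sig": sig,
            "src": src.split("=")[1], "dst": dst.split("=")[1]}

def parse_fw(raw):   # hypothetical log analysis rule for the firewall format
    kv = dict(p.split("=", 1) for p in raw.split())
    return {"ts": int(kv["ts"]), "kind": kv["action"],
            "src": kv["src"], "dst": kv["dst"]}

PARSE_RULES = {"ids": parse_ids, "fw": parse_fw}  # event type -> analysis rule

def correlate(events, window=60, min_denies=2):
    """Association rule: an IDS alert plus at least min_denies firewall
    denies from the same source within `window` seconds of the alert."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        for a in (e for e in evs if e["kind"] == "alert"):
            denies = [e for e in evs if e["kind"] == "deny"
                      and abs(e["ts"] - a["ts"]) <= window]
            if len(denies) >= min_denies:
                findings.append({"src": src, "sig": a["sig"], "denies": len(denies)})
    return findings

def to_policy(finding):
    """Policy instruction generation rule: block the correlated source."""
    return {"target": "fw", "op": "block_ip", "ip": finding["src"],
            "reason": f"{finding['sig']} + {finding['denies']} denies"}

def run_pipeline(raw_logs):
    log_queue = deque(raw_logs)  # stands in for the per-source message queues
    events = [PARSE_RULES[etype](raw) for etype, raw in log_queue]
    policy_queue = deque(to_policy(f) for f in correlate(events))
    return list(policy_queue)    # instructions awaiting issue to devices
```

Only the first source produces an instruction: the second source's alert and deny are hours apart, so the association rule does not fire and no policy change is queued for it.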

Description

Technical field

[0001] The invention relates to the technical field of network information security, in particular to a security policy self-feedback method based on security log correlation analysis.

Background technique

[0002] In an enterprise network, a variety of security products, such as intrusion detection systems, anti-virus systems and firewall systems, are usually deployed to keep the system running safely. The application services themselves also collect security-related log information. Because the log formats of the various business protection systems are not uniform, the volume of log information is very large and processing is not timely, this information can usually be used only for post-event analysis. Even where individual security protection systems provide real-time alarm notifications, the false alarm rate is high, an...


Application Information

IPC(8): H04L29/06, G06F21/55
CPC: H04L63/1416, H04L63/20, G06F21/55
Inventor: 田闯王小鹏石启良陈昊望高丽芬胡章元
Owner: CHINA INFORMATION CONSULTING & DESIGNING INST CO LTD