Intelligent security event association analysis system for threat scene

A technology for correlation analysis of security events, applied in transmission systems, digital transmission systems, electrical components, etc. It addresses the problems of scattered data sources, a lack of correlation and comprehensive analysis, and the inability to form a unified view of enterprise data, and it saves time.

Pending Publication Date: 2021-04-30
CHINA SOUTHERN POWER GRID COMPANY +1

AI Technical Summary

Problems solved by technology

The data sources within an enterprise are inevitably scattered, so the analysis systems built on top of them end up isolated from one another.
These "information islands" lack effective correlation and comprehensive analysis, so no unified view of enterprise data can be formed.


Embodiment Construction

[0059] This application provides an intelligent security event correlation analysis system oriented to threat scenarios, comprising a mass-format event storage module, an analysis module, and a visual display module;

[0060] The mass-format event storage module uses distributed massive log collection technology and supports a single event collector as well as multiple event collectors at the same time; distributed collectors further improve event-collection performance. Taking advantage of multi-core hardware, it collects massive log data through parallel event pipelines and adopts an asynchronous, non-blocking event collection method, so that events are processed in parallel pipelines. This greatly improves the performance of event collection and preprocessing;

[0061] With the help of the built-in distributed event access agent, the system can store massive events in parallel in a distr...


Abstract

The invention provides an intelligent security event correlation analysis system for threat scenarios. The system comprises a mass-format event storage module, an analysis module and a visual display module; the analysis module comprises an event correlation analysis module, a comprehensive threat analysis module, an attack chain analysis module, an attack path analysis module, a Web attack deep analysis module, a network flow metadata behavior analysis module and a network abnormal behavior analysis module. The analysis system can aggregate and organize threat data to automatically extract indicators of compromise (IOC) as machine-readable threat intelligence (MRTI), and matches them against existing logs to readily discover uncommon trends or clues and act on them effectively. By bringing team, process and tooling together, the platform gives the security team an unprecedented view of where threats originate, lets the whole event be tracked from beginning to end, and guides and blocks the security response through reports.

Description

Technical field

[0001] The invention relates to network security analysis, in particular to an intelligent security event correlation analysis system oriented to threat scenarios.

Background

[0002] With the continuous expansion of network scale, networks play an increasingly important role in social life; at the same time, network security issues have become increasingly prominent and have gradually become key problems that must be solved urgently for the further development of network services and applications. In addition, as network intrusions and attacks become more distributed, large-scale, complex and indirect, the threats and losses caused by network viruses and DoS/DDoS attacks are increasing. Many researchers and organizations have begun to realize that it is impossible to monitor the security posture of an entire network in real time by relying on existing network security products alone.

[0003] As we all kno...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/26, G06K9/62
CPC: H04L63/1425, H04L63/1441, H04L43/045, G06F18/24155
Inventor 刘家豪吕华辉杨航刘欣陈华军明哲张佳发梁段陈锋
Owner CHINA SOUTHERN POWER GRID COMPANY