Host behavior data analysis method and device, equipment and storage medium

A host behavior data analysis method, device, equipment and storage medium in the field of data analysis systems. The scheme addresses the problems that an attacker's core operations cannot be collected, that the collected data volume is large and that data validity is low, and achieves effective monitoring of host behavior data.

Pending Publication Date: 2021-05-11
SANGFOR TECH INC


Embodiment Construction

[0040] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0041] At present, when collecting host behavior data, the traditional method has problems such as setting fewer monitoring points, collecting a large amount of data, and low data validity. The core operations of the attacker cannot be collected, so analysis based on this data is often invalid.

[0042] Therefore, in order to effectively obtain the behavior data of the host in this solution, the kernel monitoring and collection module in the event monitoring m...


Abstract

The invention discloses a host behavior data analysis method and device, equipment and a storage medium. In the scheme, the behavior data of a host is collected through a preset event monitoring module, which comprises a kernel monitoring acquisition module, an ETW event acquisition module and a user mode hook event acquisition module. The behavior data is standardized to generate host behavior events, the host behavior events are sent to a data analysis system, and the data analysis system analyzes them to obtain a corresponding analysis result. In order to obtain the behavior data of the host effectively, the behavior data is collected jointly by the kernel monitoring collection module, the ETW event collection module and the user mode hook event collection module of the event monitoring module, so that more comprehensive and more effective host behavior data is obtained; the data analysis system can therefore use this behavior data to detect an abnormal condition of the host in a timely and accurate manner.
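The standardization step described in the abstract (three collectors feeding one event stream that the analysis system consumes) can be illustrated as follows. This is an added example, not code from the patent or from Sangfor; the per-source record fields, the `HostBehaviorEvent` schema and the `ACTION_MAP` vocabulary are assumptions, since the page gives no concrete format.

```python
# Added example, not the patent's code: standardise three collectors' records
# into one host behaviour event schema, merge duplicates, correlate lineage.
from dataclasses import dataclass
from typing import Optional

# Constructed sample records. The per-source field names are assumptions; the
# patent text gives no concrete schema for any collector.
KERNEL_RECORDS = [{"ts": 1, "op": "CreateProcess", "pid": 400, "ppid": 100, "image": "cmd.exe"}]
ETW_RECORDS = [  # ETW often reports the same process start the kernel driver saw
    {"TimeStamp": 1, "EventName": "ProcessStart", "ProcessID": 400, "ParentProcessID": 100, "ImageName": "cmd.exe"},
    {"TimeStamp": 2, "EventName": "ProcessStart", "ProcessID": 401, "ParentProcessID": 400, "ImageName": "tool.exe"},
]
HOOK_RECORDS = [{"time": 3, "api": "WriteProcessMemory", "caller_pid": 401, "target_pid": 500}]

# One action vocabulary for all sources, so analysis does not care who reported it.
ACTION_MAP = {"CreateProcess": "process_start", "ProcessStart": "process_start",
              "WriteProcessMemory": "cross_process_write"}

@dataclass(frozen=True)
class HostBehaviorEvent:
    ts: int
    action: str
    pid: int
    ppid: Optional[int]
    target: str           # image name for process events, target pid otherwise
    sources: frozenset    # collectors that reported this event

def normalize(kernel, etw, hook):
    """Standardise all three collectors' records into HostBehaviorEvents and
    merge records that describe the same (ts, action, pid) from several sources."""
    raw = ([(r["ts"], r["op"], r["pid"], r["ppid"], r["image"], "kernel") for r in kernel]
           + [(r["TimeStamp"], r["EventName"], r["ProcessID"], r["ParentProcessID"],
               r["ImageName"], "etw") for r in etw]
           + [(r["time"], r["api"], r["caller_pid"], None, str(r["target_pid"]), "hook")
              for r in hook])
    merged = {}
    for ts, act, pid, ppid, target, src in raw:
        key = (ts, ACTION_MAP[act], pid)
        seen = merged[key].sources if key in merged else frozenset()
        merged[key] = HostBehaviorEvent(ts, ACTION_MAP[act], pid, ppid, target, seen | {src})
    return sorted(merged.values(), key=lambda e: e.ts)

def lineage(events, pid):
    """Analysis step: follow process_start events to list a pid's ancestor images."""
    starts = {e.pid: e for e in events if e.action == "process_start"}
    chain = []
    while pid in starts:
        chain.append(starts[pid].target)
        pid = starts[pid].ppid
    return chain
```

Merging the kernel and ETW reports of the same process start is what keeps the event volume down while still recording which collectors saw it.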

Description

Technical field

[0001] The present invention relates to the technical field of data analysis, and more specifically to a method, device, equipment and storage medium for analyzing host behavior data.

Background technique

[0002] At present, traditional host behavior data collection mostly uses open source projects, and its principle of realization is mostly to acquire host data through user mode hooks (a hook is used to intercept system messages), by reusing sysmon (system monitoring tool) monitoring logs, and by simple incremental change detection on system information. However, when collecting data in the above way, although there are fewer monitoring points, the amount of data is often large, the data validity is low, and the core operations of the attacker are often not collected, so analysis based on this data is often invalid.

Contents of the invention

[0003] The purpose of the present invention is to provide a host behavior data analysis m...


Application Information

IPC(8): G06F21/55, G06F21/56
CPC: G06F21/552, G06F21/566
Inventor 王云峰
Owner SANGFOR TECH INC