Network alarm information clustering method based on attribute correlation

An alarm-information clustering method applied in the field of network security; it addresses the problem that existing alarm clustering cannot cover the whole picture of an attack event.

Inactive Publication Date: 2021-10-29
NO 15 INST OF CHINA ELECTRONICS TECH GRP +2

AI Technical Summary

Problems solved by technology

Alarm information clustering based on the alarm information type alone usually clusters only one fragment of an attack event, which is not enough to cover the whole picture of the attack event.


Embodiment Construction

[0020] In order to better understand the contents of the present invention, an example is given here.

[0021] The invention discloses a network alarm information clustering method based on attribute correlation. Figure 1 is an implementation flowchart of the network alarm information clustering method based on attribute correlation of the present invention; its specific steps include:

[0022] S1, sorting out network alarm information. Because network alarm information comes from multiple sources in inconsistent formats, the IDMEF security event specification (Intrusion Detection Message Exchange Format, RFC 4765), currently the most widely used and representative such specification, is adopted to standardize the format of network alarm information. Network alarm information generated by security defense equipment and services, including firewalls, anti-virus terminals, malicious traffic analysis and email analysis, is unified into the IDMEF format to achieve dynamic scalability and descriptio...


Abstract

The invention discloses a network alarm information clustering method based on attribute correlation. The method comprises the following specific steps: sorting out network alarm information; clustering network alarm information that has the same attack source or the same attack target according to the 5-tuple (quintuple) features; clustering network alarm information that has the same data characteristics and attack type according to the attack type features of the alarm information, to obtain a network alarm information set characterised by alarm type; clustering network alarm information based on attack occurrence time; and clustering the network alarm information again and fusing the results. Alarm information clustering from a spatio-temporal global perspective is thus realised on the basis of multi-dimensional attribute feature clustering. This matches the situation in real attack events, where an attacker often carries out a combined attack on a target using multiple attack techniques and tactics, and it can cover the full view and important details of the attack event, preparing better basic conditions for attack event analysis and attack scene reconstruction.
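The clustering pipeline the abstract describes (normalised alerts, clustering by shared attack source or target, by attack type, by occurrence time, then a fusion pass), as an added worked example in Python that is not the patent's own code. The alert record layout, the constructed sample alerts, the 10-minute time window and the "agree in at least two of three dimensions" fusion rule are assumptions of this example; the patent text does not specify them.

```python
"""Added example (not the patent's code): multi-dimensional alert clustering.
Field names, sample data, the time window and the fusion rule are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from itertools import combinations
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Alert:
    # Normalised record; fields stand in for the IDMEF Source, Target,
    # Classification and CreateTime elements (assumed layout).
    id: int
    sensor: str          # originating device: firewall, av, traffic, mail
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    attack_type: str     # normalised classification text
    ts: datetime


# Constructed sample: one combined attack on 198.51.100.10 (brute force,
# SMB scan, dropper on the host) plus two unrelated alerts hours later.
T0 = datetime(2021, 6, 1, 10, 0, 0)
ALERTS: List[Alert] = [
    Alert(1, "firewall", "203.0.113.5", 51000, "198.51.100.10", 22, "tcp", "ssh-bruteforce", T0),
    Alert(2, "firewall", "203.0.113.5", 51001, "198.51.100.10", 22, "tcp", "ssh-bruteforce", T0 + timedelta(seconds=30)),
    Alert(3, "traffic", "203.0.113.5", 51200, "198.51.100.10", 445, "tcp", "smb-scan", T0 + timedelta(minutes=2)),
    Alert(4, "av", "198.51.100.10", 0, "198.51.100.10", 0, "-", "malware-dropper", T0 + timedelta(minutes=5)),
    Alert(5, "mail", "192.0.2.77", 25, "198.51.100.20", 25, "tcp", "phishing", T0 + timedelta(hours=3)),
    Alert(6, "firewall", "203.0.113.9", 40000, "198.51.100.30", 80, "tcp", "web-scan", T0 + timedelta(hours=3, minutes=7)),
]

Cluster = FrozenSet[int]


class UnionFind:
    """Disjoint sets over alert ids; groups() lists clusters ordered by smallest id."""

    def __init__(self, items):
        self.parent = {i: i for i in items}

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra

    def groups(self) -> List[Cluster]:
        out: Dict[int, set] = {}
        for x in self.parent:
            out.setdefault(self.find(x), set()).add(x)
        return sorted((frozenset(g) for g in out.values()), key=min)


def cluster_by_endpoint(alerts: List[Alert]) -> List[Cluster]:
    """Dimension 1: alerts sharing an attack source IP or an attack target IP (5-tuple view)."""
    uf = UnionFind(a.id for a in alerts)
    first_by_src: Dict[str, int] = {}
    first_by_dst: Dict[str, int] = {}
    for a in alerts:
        for index, key in ((first_by_src, a.src_ip), (first_by_dst, a.dst_ip)):
            if key in index:
                uf.union(index[key], a.id)   # same src or same dst as an earlier alert
            else:
                index[key] = a.id
    return uf.groups()


def cluster_by_attack_type(alerts: List[Alert]) -> List[Cluster]:
    """Dimension 2: alerts of the same attack type."""
    by_type: Dict[str, set] = {}
    for a in alerts:
        by_type.setdefault(a.attack_type, set()).add(a.id)
    return sorted((frozenset(g) for g in by_type.values()), key=min)


def cluster_by_time(alerts: List[Alert], window: timedelta = timedelta(minutes=10)) -> List[Cluster]:
    """Dimension 3: alerts chained by occurrence time; a gap longer than `window`
    between consecutive alerts starts a new cluster."""
    clusters: List[Cluster] = []
    current: set = set()
    last_ts = None
    for a in sorted(alerts, key=lambda x: x.ts):
        if last_ts is not None and a.ts - last_ts > window:
            clusters.append(frozenset(current))
            current = set()
        current.add(a.id)
        last_ts = a.ts
    if current:
        clusters.append(frozenset(current))
    return sorted(clusters, key=min)


def fuse(alerts: List[Alert], window: timedelta = timedelta(minutes=10), threshold: int = 2) -> List[Cluster]:
    """Fusion: two alerts join one attack event when they share a cluster in at
    least `threshold` of the three dimensions (assumed rule; the patent text does
    not state its fusion criterion). Transitive closure via union-find."""
    membership: Dict[int, set] = {a.id: set() for a in alerts}
    views = (cluster_by_endpoint(alerts), cluster_by_attack_type(alerts), cluster_by_time(alerts, window))
    for dim, clusters in enumerate(views):
        for cid, members in enumerate(clusters):
            for aid in members:
                membership[aid].add((dim, cid))
    uf = UnionFind(a.id for a in alerts)
    for a, b in combinations(alerts, 2):
        if len(membership[a.id] & membership[b.id]) >= threshold:
            uf.union(a.id, b.id)
    return uf.groups()


def describe(alerts: List[Alert], events: List[Cluster]) -> List[dict]:
    """Per fused event: sources, targets, techniques and time span (the 'full view')."""
    by_id = {a.id: a for a in alerts}
    return [{"alerts": sorted(e),
             "sources": sorted({by_id[i].src_ip for i in e}),
             "targets": sorted({by_id[i].dst_ip for i in e}),
             "techniques": sorted({by_id[i].attack_type for i in e}),
             "span": (min(by_id[i].ts for i in e), max(by_id[i].ts for i in e))} for e in events]


if __name__ == "__main__":
    for ev in describe(ALERTS, fuse(ALERTS)):
        print(ev)
```

On the sample data the time dimension alone puts the phishing and web-scan alerts together (they are seven minutes apart) while the endpoint dimension keeps them apart; the fusion pass, which needs agreement in two dimensions, separates them and keeps the brute force, SMB scan and dropper alerts together as one event with several techniques, which is the combined-attack case the abstract is aiming at.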

Description

Technical field [0001] The invention relates to the field of network security, in particular to a network alarm information clustering method based on attribute correlation. Background art [0002] At present, in the field of network security attack and defense, as information technology continues to develop and network defense capabilities continue to evolve and grow richer, network attack techniques are also becoming more and more complex in their contest with network security defense equipment. The various types of network security defense equipment and security monitoring and early-warning equipment in an enterprise network generate a great deal of redundant alarm information when faced with increasingly complex attack methods. The real attack alarm information is buried under a large volume of low-quality alarm information, which continually increases the complexity and difficulty of alarm information proces...


Application Information

Patent Type & Authority Applications(China)
IPC(8): G06F16/906, H04L29/06
CPC: G06F16/906, H04L63/1416, H04L63/1433
Inventors: 任传伦, 俞赛赛, 金波, 刘晓影, 乌吉斯古愣, 任秋洁, 谭震, 王淮
Owner NO 15 INST OF CHINA ELECTRONICS TECH GRP