Network security event traceability analysis method and device, medium and electronic equipment

A network security event traceability analysis method, applied in the field of devices, media and electronic equipment, that solves problems such as false reporting of events and achieves the effect of overcoming false positives and the inability to trace the source globally.

Pending Publication Date: 2022-01-11
中通服创立信息科技有限责任公司

AI Technical Summary

Problems solved by technology

[0004] The technical problem solved by the present invention is that traditional single-alarm analysis of network security cannot resolve event misreporting. The purpose of the present invention is to provide a method for tracing the source of network security events that addresses false alarms and the inability to trace the source globally, improving the globality, completeness, and accuracy of security analysis.

Examples


Embodiment 1

[0031] Embodiment 1 provides a network security event source tracing analysis method which, as shown in Figure 1, includes the following steps:

[0032] S1. Select an alarm entry of a device, and obtain the quintuple and the alarm time of the alarm entry;

[0033] S2. Taking the same-source IP address of the quintuple as the main element, obtain several device alarm entries, and draw an attack topology traceability diagram according to the alarm time and the IP address of the device containing each alarm entry.

[0034] Specifically, in S1, an alarm entry of the device is selected, and the quintuple and alarm time of the alarm entry are obtained; the quintuple includes source IP address, source port, destination IP address, destination port, and transport layer protocol.

[0035] In S2, several device alarm entries are obtained with the same-source IP address of the five-tuple of the alarm entry as the main element, and an attack topology traceability map is drawn according to the al...
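Steps S1 and S2 above, as an added Python example that is not code from the patent: it pivots on the selected alarm's source IP, orders the matching alarms from all devices by alarm time, and builds the edges of a traceability graph. The CSV alarm layout, the sample alarms, the edge model and the names `parse_alarms` and `trace_source` are assumptions made for illustration.

```python
from collections import namedtuple
from datetime import datetime

# One alarm entry: reporting device IP, alarm time, then the quintuple.
Alarm = namedtuple("Alarm", "device_ip time src_ip src_port dst_ip dst_port proto")

# Constructed sample alarms (documentation address ranges), not real data.
SAMPLE = """\
10.0.0.1,2024-03-01T09:00:05,203.0.113.7,51514,192.0.2.10,443,tcp
10.0.0.3,2024-03-01T09:02:40,203.0.113.7,51620,192.0.2.20,22,tcp
10.0.0.2,2024-03-01T09:00:09,203.0.113.7,51514,192.0.2.10,443,tcp
10.0.0.1,2024-03-01T09:01:00,198.51.100.9,40000,192.0.2.10,80,tcp
10.0.0.1,2024-03-01T09:02:38,203.0.113.7,51620,192.0.2.20,22,tcp
"""

def parse_alarms(text):
    """Parse CSV lines: device_ip,time,src_ip,src_port,dst_ip,dst_port,proto."""
    alarms = []
    for line in text.strip().splitlines():
        dev, ts, sip, sport, dip, dport, proto = line.split(",")
        alarms.append(Alarm(dev, datetime.fromisoformat(ts), sip,
                            int(sport), dip, int(dport), proto))
    return alarms

def trace_source(alarms, selected):
    """S1: read the selected alarm's quintuple; S2: correlate on its source IP."""
    pivot = selected.src_ip
    related = sorted((a for a in alarms if a.src_ip == pivot),
                     key=lambda a: (a.time, a.device_ip))
    # Assumed graph model: one edge per (source, destination) pair, annotated
    # with first-seen time and the device IPs that raised alarms for it.
    edges = {}
    for a in related:
        edge = edges.setdefault((a.src_ip, a.dst_ip),
                                {"first_seen": a.time, "devices": []})
        if a.device_ip not in edge["devices"]:
            edge["devices"].append(a.device_ip)
    # Device IPs in the order each first raised an alarm for this source.
    device_order = list(dict.fromkeys(a.device_ip for a in related))
    return related, edges, device_order

if __name__ == "__main__":
    alarms = parse_alarms(SAMPLE)
    related, edges, order = trace_source(alarms, alarms[0])
    for (src, dst), info in edges.items():
        print(src, "->", dst, info["first_seen"].isoformat(), info["devices"])
    print("device order:", order)
```

An edge reported by only one device is the single-alarm case the patent contrasts with; edges seen by several devices are the correlated view.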

Embodiment 2

[0051] The second embodiment provides a network security event traceability analysis device, which is used to implement the specific steps of the network security event traceability analysis method described in the first embodiment; these are not repeated here. As shown in Figure 3, which is a block diagram of the modules of the analysis device provided by an embodiment of the present invention, the device includes the following modules:

[0052] The data acquisition module 110 is used to select the alarm entry of the device, and obtain the quintuple of the alarm entry and the alarm time;

[0053] The analysis module 120 is used to select several device alarm entries based on the same-source IP address of the quintuple, and draw an attack topology traceability diagram according to the alarm time and the device IP address.

[0054] In summary, the present invention provides a network security event traceability analysis device that collects alarm logs generated by variou...

Embodiment 3

[0056] The third embodiment provides a computer-readable storage medium, on which a computer program is stored. When the program is executed by a processor, the steps of the method for adjusting the enameled wire paint film thickness described in any one of the above contents are implemented. Those skilled in the art should understand that the embodiments of the present invention may be provided as methods, systems, or computer program products. Accordingly, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein. Those of ordinary skill in the art can understand that realizing all or part of the processes i...


Abstract

The invention discloses a network security event traceability analysis method and relates to the technical field of network security. It solves the problem that conventional single-alarm network security analysis cannot resolve event misreporting. The technical scheme comprises the following steps: selecting an alarm entry of a device, and obtaining the quintuple and alarm time of the alarm entry; and obtaining a plurality of device alarm entries by taking the same-source IP address of the quintuple as the main element, and drawing an attack topology traceability graph according to the alarm time and the IP addresses of the devices containing the alarm entries. The method solves the problems of false alarms and the inability to trace globally caused by traditional single-alarm analysis, and improves the globality, integrity and accuracy of security analysis.

Description

Technical field

[0001] The present invention relates to the technical field of network security; more specifically, it relates to a method, device, medium and electronic equipment for tracing and analyzing the source of network security events.

Background

[0002] Today, as networks continue to develop, security risks are increasing sharply. With the growing number of network security risks, security attack analysis is no longer a problem that a single alarm can solve; what is needed is an analysis method that can quickly perform interactive correlation analysis, moving away from analysis based on a single alarm toward analysis by multi-condition correlation.

[0003] Therefore, how to solve the problem that traditional single-alarm network security analysis cannot resolve event false positives is an urgent problem at present.

Contents of the invention

[0004] The technical problem solved by the present invention...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, H04L41/069, H04L41/0631
CPC: H04L63/1425, H04L41/069, H04L41/065, H04L2463/146
Inventor: 弋政, 陈林利, 刘昌栋
Owner: 中通服创立信息科技有限责任公司