Local information generation method and device, equipment and storage medium

A generation method and storage medium technology, applied in the field of network security, that addresses problems such as negative impact on analysis capability, lack of user control, and difficulty in tracking and tracing analysis results, achieving high real-time performance, improved credibility, and easy traceability.

Active Publication Date: 2022-01-28
北京微步在线科技有限公司

AI Technical Summary

Problems solved by technology

[0003] At present, existing technology uses the model correlation analysis function of situational awareness to analyze network data. However, the only data source used in model correlation analysis is abnormal-behavior alarm logs; that is, the correlation analysis is based on log statistics alone. Furthermore, this kind of model correlation analysis depends largely on the accuracy and breadth of log parsing: the more accurate and the broader the log parsing, the stronger the support for the analysis; conversely, it may have a negative impact on analysis capability.
[0004] On the other hand, model correlation analysis is basically uncontrollable for users: they can only receive results and cannot take part in controlling the analysis process.
In addition, the results of model correlation analysis are difficult to track and trace, and there is no suitable indicator of the credibility of the analysis results.

Examples

Embodiment 1

[0052] Referring to Figure 1, Figure 1 is a schematic flowchart of a method for generating local intelligence disclosed in an embodiment of this application. As shown in Figure 1, the method of the embodiment of the present application includes the following steps:

[0053] 101. Obtain alarm logs based on several data sources;

[0054] 102. Collide the alarm log with the intelligence database, and obtain the first intelligence data related to the alarm log;

[0055] 103. Extract several indicator data based on the alarm log and the first intelligence data;

[0056] 104. Generate second intelligence data based on several indicator data and first intelligence data;

[0057] 105. Save the alarm log and the second intelligence data in a local storage space.

[0058] In the embodiment of the present application, since the first intelligence data is used in addition to the original alarm log data in the production process of the second intelligence data, the input source of ...
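One way steps 101 to 105 could look in practice, as an added Python example (not code from the patent or from the applicant). The observable field `dst`, the intelligence record layout, the indicator fields and the confidence formula are all assumptions; the page does not specify them.

```python
import json
import sqlite3

# Constructed sample data: alarm logs from three hypothetical sources and a toy intelligence database.
ALARMS = [
    {"id": "a1", "source": "ids", "ts": 100, "dst": "203.0.113.7", "rule": "c2-beacon"},
    {"id": "a2", "source": "proxy", "ts": 160, "dst": "203.0.113.7", "rule": "bad-ua"},
    {"id": "a3", "source": "ids", "ts": 170, "dst": "198.51.100.9", "rule": "port-scan"},
    {"id": "a4", "source": "dns", "ts": 180, "dst": "192.0.2.44", "rule": "nxdomain-burst"},
]
INTEL_DB = {"203.0.113.7": {"tags": ["c2"], "severity": 0.9},
            "198.51.100.9": {"tags": ["scanner"], "severity": 0.4}}

def collide(alarms, intel_db):
    """Step 102: pair each alarm with the intelligence entry for its observable, if any."""
    return [(a, intel_db[a["dst"]]) for a in alarms if a["dst"] in intel_db]

def extract_indicators(hits):
    """Step 103: per-observable indicator data; alarm IDs are kept for traceability."""
    out = {}
    for alarm, first_intel in hits:
        ind = out.setdefault(alarm["dst"], {"alarm_ids": [], "sources": [], "first_seen": alarm["ts"],
                                            "last_seen": alarm["ts"], "first_intel": first_intel})
        ind["alarm_ids"].append(alarm["id"])
        ind["sources"] = sorted(set(ind["sources"]) | {alarm["source"]})
        ind["first_seen"] = min(ind["first_seen"], alarm["ts"])
        ind["last_seen"] = max(ind["last_seen"], alarm["ts"])
    return out

def generate_second_intel(indicators):
    """Step 104 (assumed scoring): first-intel severity plus 0.05 per extra corroborating source."""
    def score(ind):
        return round(min(1.0, ind["first_intel"]["severity"] + 0.05 * (len(ind["sources"]) - 1)), 2)
    return [{"ioc": ioc, "confidence": score(ind), **ind} for ioc, ind in sorted(indicators.items())]

def store_local(conn, alarms, records):
    """Step 105: persist raw alarms and generated intelligence side by side in local storage."""
    conn.execute("CREATE TABLE IF NOT EXISTS local_store "
                 "(kind TEXT, ref TEXT, body TEXT, PRIMARY KEY (kind, ref))")
    rows = [("alarm", a["id"], json.dumps(a)) for a in alarms]
    rows += [("intel", r["ioc"], json.dumps(r)) for r in records]
    conn.executemany("INSERT OR REPLACE INTO local_store VALUES (?, ?, ?)", rows)
    conn.commit()

def run_pipeline(conn, alarms=ALARMS, intel_db=INTEL_DB):
    records = generate_second_intel(extract_indicators(collide(alarms, intel_db)))
    store_local(conn, alarms, records)
    return records
```

Calling `run_pipeline(sqlite3.connect(":memory:"))` stores all four alarms but produces second intelligence only for the two addresses with a database match; each record carries the alarm IDs it was derived from, which is what makes the result traceable.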

Embodiment 2

[0102] Referring to Figure 2, Figure 2 is a schematic structural diagram of a local intelligence generation device disclosed in an embodiment of the present application. As shown in Figure 2, the device of the embodiment of the present application includes the following functional modules:

[0103] A data acquisition module 201, configured to acquire alarm logs based on several data sources;

[0104] A data collision module 202, configured to collide the alarm log with the intelligence database, and obtain first intelligence data related to the alarm log;

[0105] A data extraction module 203, configured to extract several indicator data based on the alarm log and the first intelligence data;

[0106] A data generation module 204, configured to generate second intelligence data based on several indicator data and the first intelligence data;

[0107] The data storage module 205 is configured to store the alarm log and the second intelligence data in a local storage sp...

Embodiment 3

[0112] Referring to Figure 3, Figure 3 is a schematic structural diagram of a local intelligence generating device disclosed in an embodiment of this application. As shown in Figure 3, the equipment of the embodiment of the present application includes:

[0113] A memory 301 storing executable program codes;

[0114] a processor 302 coupled to the memory 301;

[0115] The processor 302 invokes the executable program code stored in the memory 301 to execute the method for generating local information in Embodiment 1 of the present application.

[0116] The device in the embodiment of the present application executes the local intelligence generation method. On the one hand, by colliding the alarm log with the intelligence database, more, and more timely, first intelligence data can be obtained; compared with generating the second intelligence data from the alarm log alone, it can generate a more accurate and real-time second intelligence database based on ...


Abstract

The invention provides a local information generation method and device, equipment and a storage medium. The method comprises: obtaining an alarm log based on a plurality of data sources; colliding the alarm log with an intelligence database to acquire first intelligence data related to the alarm log; extracting a plurality of index data based on the alarm log and the first intelligence data; generating second intelligence data based on the plurality of index data and the first intelligence data; and storing the alarm log and the second intelligence data in a local storage space. The method can at least improve the accuracy and real-time performance of the generated intelligence data. In addition, the analysis result is traceable, the intelligence data generation process can be dynamically adjusted, and the generated intelligence data is highly credible.

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular, to a method, device, equipment and storage medium for generating local intelligence.

Background technique

[0002] With the development of Internet technology, there are more and more malicious addresses on the Internet. In order to protect themselves from network attacks, general enterprises need to use some security products to identify which addresses that communicate with enterprise assets are insecure, and the reasons for the insecurity, and block these communications.

[0003] At present, the existing technology uses the model correlation analysis function of situation awareness to realize the analysis of network data. However, the data sources used in the model correlation analysis are only abnormal behavior alarm logs, that is, the correlation analysis is only based on log statistics. Furthermore, this type of model association analysis largely depends o...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, G06F16/901, G06F16/903
CPC: H04L63/1416, H04L63/1425, G06F16/903, G06F16/901, H04L2463/146
Inventor: 王云赫任政童兆丰薛锋
Owner: 北京微步在线科技有限公司