Association graph-based anomaly analysis method and device

An anomaly analysis method based on association graph technology, applied in the field of data identification. It addresses problems such as reliance on a single analysis system, complex anomaly associations, and low accuracy when analyzing aggregation anomalies, and achieves the effect of improving accuracy.

Active Publication Date: 2022-02-01
中债金科信息技术有限公司 +1

AI Technical Summary

Problems solved by technology

When anomaly evaluation systems are applied in an enterprise, the volume of anomaly data is large and the associations between anomalies are complex. Existing anomaly evaluation systems are based on a single analysis system, so their accuracy in analyzing aggregation anomalies is not high.

Examples

Embodiment approach

[0138] As an optional implementation of the present invention, if a node corresponding to the type of the current aggregation anomaly exists, updating the node attributes of that node includes:

[0139] Step a: If a node corresponding to the type of the current aggregation anomaly exists, store the ID of the current aggregation anomaly in the node attribute of the node;

[0140] Step b: In the node attribute, establish for the current aggregation anomaly a second association relationship that is the same as the first association relationship;

[0141] Wherein, the first association relationship is the association relationship between the historical aggregation anomaly of the same type as the current aggregation anomaly and the target historical aggregation anomaly associated with it, and the second association relationship is the association relationship between the current aggregation anomaly and the target historical aggregation anomaly;

[0142] Step c: Update node attributes....
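Steps a to c above, sketched as an added example (not code from the patent): one node per aggregation anomaly type, with the node attribute assumed to hold the stored IDs and a map from each anomaly ID to its associated target IDs. The `Node` layout, the union over all same-type historical anomalies, the new-node branch and the sample IDs are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    """One graph node per aggregation anomaly type (assumed layout)."""
    anomaly_type: str
    anomaly_ids: list = field(default_factory=list)
    # anomaly ID -> set of target historical anomaly IDs it is associated with
    associations: dict = field(default_factory=dict)


def update_node(graph: dict, anomaly_id: str, anomaly_type: str) -> bool:
    """Apply steps a-c for the current aggregation anomaly.

    Returns True if an existing node was updated, False if a new node was
    created (that branch is an assumption; the excerpt only covers the
    case where the node already exists).
    """
    node = graph.get(anomaly_type)
    if node is None:
        graph[anomaly_type] = Node(anomaly_type, [anomaly_id], {anomaly_id: set()})
        return False
    if anomaly_id in node.associations:
        return True  # already recorded; repeated delivery must not duplicate the ID
    # First association relationships: the targets linked to the same-type
    # historical anomalies already stored in this node.
    targets = set()
    for hist_id in node.anomaly_ids:
        targets |= node.associations.get(hist_id, set())
    # Step a: store the current anomaly's ID in the node attribute.
    node.anomaly_ids.append(anomaly_id)
    # Step b: second association relationship, i.e. the same targets,
    # now linked to the current anomaly.
    node.associations[anomaly_id] = set(targets)
    # Step c: the node attribute is updated in place inside the graph.
    return True


# Constructed sample: historical "port-scan" anomaly H1 is associated with
# the historical "brute-force" anomaly H7.
graph = {
    "port-scan": Node("port-scan", ["H1"], {"H1": {"H7"}}),
    "brute-force": Node("brute-force", ["H7"], {"H7": set()}),
}
```
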

Abstract

The invention provides an association graph-based anomaly analysis method and device. The method comprises: obtaining aggregation anomalies from different devices of different manufacturers; generating an association table according to the historical aggregation anomalies; according to the association table, constructing a current association graph containing the current aggregation anomaly on the device network topology graph corresponding to each historical aggregation anomaly on the network; in the current association graph, sorting by threat degree from largest to smallest and selecting a first preset number of threat paths; and combining the preset number of threat paths to generate a threat graph and sending the threat graph to a server. This can assist security personnel in distinguishing attack scenarios. Because the association table is generated from the associations between aggregation anomalies and the current association graph is constructed in combination with the network topology graph, the problem of inaccurate analysis caused by complex associations is solved. The threat paths are selected according to threat degree to form the threat graph for analysis, which improves the accuracy of analyzing anomalies with complex associations.

Description

Technical field

[0001] The present invention relates to the technical field of data identification, in particular to an abnormal analysis method and device based on a correlation graph.

Background technique

[0002] With the development of network technology, when a network attack occurs, the system will generate a large number of abnormalities. In terms of system traffic, there will be exceptions related to traffic analysis. In terms of system applications, there will be exceptions in application logs. In terms of the operation of the system itself, exceptions in system audit logs will be generated. The identification of abnormal data is a necessary means to maintain network security, and most of the abnormal data are related, and it is necessary to evaluate and analyze the abnormal data after correlation to determine the abnormality.

[0003] In the prior art, the aggregated abnormality is obtained by aggregating the abnormalities generated by different devices of multipl...

Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L9/40, H04L41/12, G06N5/04, G06N7/00
CPC: H04L63/1425, H04L41/12, G06N5/041, G06N7/01, Y02P90/30
Inventor 周博雅万海焦伟严人宁王兆阳赵曦滨
Owner 中债金科信息技术有限公司