Network security threat identification method based on event detection mode

A network security threat identification technology based on an event detection mode. It addresses the problems of time-consuming, labor-intensive and inefficient threat monitoring and the lack of correlation between data, and achieves high accuracy, fast response and low cost.

Pending Publication Date: 2022-02-11
CHINA YOUKE COMM TECH

AI Technical Summary

Problems solved by technology

From the perspective of security operation and maintenance personnel, threat monitoring based on manpower is time-consuming, laborious and inefficient, and security operation and maintenance personnel are generally insufficient in analyzing potential threats an

Examples


Embodiment Construction

[0022] The technical solution of the present invention will be specifically described below in conjunction with the accompanying drawings.

[0023] It should be pointed out that the following detailed description is exemplary and intended to provide further explanation to the present application. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.

[0024] It should be noted that the terminology used here is only for describing specific implementations, and is not intended to limit the exemplary implementations according to the present application. As used herein, unless the context clearly dictates otherwise, the singular is intended to include the plural, and it should also be understood that when the terms "comprising" and/or "including" are used in this specification, they indicate that there are features, steps, operations, means, components an...


Abstract

The invention relates to a network security threat identification method based on an event detection mode. According to the method, feature engineering processing is performed on event big data of each node of a network, model learning training is performed on the data after feature engineering processing according to two modes of event points and event streams, and two types of model knowledge of an event point anomaly detection model and an event stream risk prediction model are generated. On the basis of model knowledge, for threat identification of a single-point event, a matching value of an event feature and a certain threat model abnormal point feature is calculated to judge whether a potential threat exists or not; for threat identification of a plurality of associated events similar to multi-step attacks, firstly, a feature sequence of the associated events is obtained by using an association analysis algorithm, and then a matching value of a sequence feature of an event stream and a sequence feature of a certain threat model is calculated to predict whether potential threats exist or not. According to the method, instant threat identification and hidden threat mining can be realized, and the level of network security operation and maintenance is greatly improved.
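The two identification modes described in the abstract can be sketched as follows. This is an added illustration, not code from the patent or its owner. It assumes cosine similarity as the single-point matching value, per-source time-window grouping as the association analysis, and a longest-common-subsequence ratio as the sequence matching value; the model names, event types, thresholds and sample events are all constructed.

```python
from math import sqrt

# Constructed threat-model knowledge (hypothetical names and values, not from the patent).
POINT_MODELS = {"brute_force": (0.9, 0.1, 0.8)}   # anomaly-point feature vectors
STREAM_MODELS = {"multi_step": ["scan", "login_fail", "login_ok", "priv_change"]}

def cosine(a, b):
    """Matching value between an event feature and a model anomaly-point feature."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = sqrt(sum(x * x for x in a)) * sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def match_point(features, threshold=0.95):
    """Single-point identification: threat models whose match reaches the threshold."""
    return sorted(n for n, m in POINT_MODELS.items() if cosine(features, m) >= threshold)

def associate(events, window=300):
    """Assumed association analysis: per-source event-type sequences, split on gaps > window."""
    seqs, open_seq, last_seen = [], {}, {}
    for ts, src, etype in sorted(events):
        if src not in open_seq or ts - last_seen[src] > window:
            open_seq[src] = []
            seqs.append((src, open_seq[src]))
        open_seq[src].append(etype)
        last_seen[src] = ts
    return seqs

def lcs_ratio(seq, model):
    """Sequence matching value: share of the model sequence observed in order."""
    dp = [[0] * (len(model) + 1) for _ in range(len(seq) + 1)]
    for i, s in enumerate(seq):
        for j, m in enumerate(model):
            dp[i + 1][j + 1] = dp[i][j] + 1 if s == m else max(dp[i][j + 1], dp[i + 1][j])
    return dp[-1][-1] / len(model)

def match_streams(events, threshold=0.75):
    """Event-stream identification: (source, model, score) for sequences at or above threshold."""
    hits = []
    for src, seq in associate(events):
        for name, model in STREAM_MODELS.items():
            score = lcs_ratio(seq, model)
            if score >= threshold:
                hits.append((src, name, score))
    return hits

# Constructed sample events: (timestamp in seconds, source host, event type).
SAMPLE = [(0, "10.0.0.5", "scan"), (40, "10.0.0.5", "login_fail"), (45, "10.0.0.9", "login_ok"),
          (90, "10.0.0.5", "login_fail"), (130, "10.0.0.5", "login_ok"), (900, "10.0.0.5", "file_read")]
```

Because the stream score is an ordered-subsequence ratio, a partially observed multi-step sequence still produces a graded score that can be alerted on before the final step appears.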

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a network security threat identification method based on an event detection mode.

Background art

[0002] In the context of the modern network environment and complex network assets, the importance of solving problems such as how to identify threats instantly and efficiently, and how to comprehensively gain insight into the threat situation of the overall network, has become increasingly prominent. However, traditional threat identification methods have many limitations. From the perspective of security operation and maintenance personnel, threat monitoring based on manpower is time-consuming, laborious and inefficient, and security operation and maintenance personnel are generally insufficient in analyzing potential threats and predicting unknown types of threats; from the perspective of security protection tools, the implementation of threat identification in existing...


Application Information

IPC(8): H04L9/40, H04L41/16
CPC: H04L63/1408, H04L41/16
Inventor: 任华
Owner: CHINA YOUKE COMM TECH