Network space asset log association analysis system based on finite-state machine

A finite-state-machine-based association analysis technology, applied in the field of information security, which addresses problems such as growing matching time overhead, large storage overhead and large replication overhead, and achieves reduced overhead, improved semantic expressiveness of rules and high efficiency.

Pending Publication Date: 2022-04-15
福建省海峡信息技术有限公司

AI Technical Summary

Problems solved by technology

[0005] 1. Saving intermediate results requires copying the event instances held in the rule nodes of the entire rule tree, and the cost of this copying is relatively high.
[0006] 2. Since the event flow is continuous, if there are many intermediate results, or the rule tree itself occupies a relatively large amount of space, the storage overhead will be relatively large.
[0007] 3. As the rule tree is replicated, the number of trees in the rule tree collection may keep growing, the time overhead of matching grows with it, and the matching delay becomes relatively high.




Embodiment Construction

[0038] The technical solution of the present invention is described in detail below with reference to the accompanying drawings.

[0039] A network space asset log association analysis system based on a finite state machine according to the present invention includes:

[0040] The rule configuration module, a user interface through which security administrators configure association analysis rules; the configured rules are stored in the database in the form of a tree;

[0041] The built-in conditions and knowledge base, which provide the implementation of the built-in basic sub-rules and the parameter dictionary; the user configures and combines the built-in conditions through the rule configuration module to form rules;

[0042] The rule compiler, whose function is to convert the tree-shaped rule configuration saved by the rule configuration module into the finite state machine corresponding to each rule;

[0043] The log event receiving module, w...


Abstract

The invention relates to a network space asset log association analysis system based on a finite-state machine. It comprises: a rule configuration module, through which a security administrator configures association analysis rules, the configured rules being stored in a database in tree form; built-in conditions and a knowledge base, which provide the implementation of the built-in basic sub-rules and a parameter dictionary, and which the user configures and combines to form rules; a rule compiler, which converts the tree-shaped rule configuration stored in the rule configuration module into the finite-state machine corresponding to the rule; a log event receiving module, which provides the events in the cache as input events to the task scheduler; a task scheduler, which, for each event in the cache, schedules all finite-state machines for matching and outputs the matching result, namely a list of matched events, to the alarm generation module; and an alarm generation module, which receives the matched event list from the task scheduler, extracts the relevant attributes of the events according to the alarm definition, generates an alarm report and sends it to the security administrator.

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a network space asset log association analysis system based on a finite state machine.

Background technique

[0002] In the prior art, the closest system is the association analysis system based on a rule tree (Association analysis device based on event classification and rule tree; patent application number 200920182619.3; authorization announcement number CN 201491020 U).

[0003] The rule-tree-based association analysis system models rules as rule trees. The basic principle of the rule tree system is as follows: first, an initial rule tree Tree0 is created and added to the rule tree collection. This tree contains 3 tree nodes. The root node contains the >> (followed-by) operator ID. The root node has two rule node children, rule A and rule B, in that order. When an event E1 matches rule A, an initial tree must be copied as Tree1, E1 is added to rule node A of Tree1, then ...
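As an added illustration of the abstract and background above (written for this page, not the patent's own implementation): a sequence rule is compiled into a small finite state machine, each partial match is held as a per-host list of collected events rather than a copied rule tree, and completed matches are turned into alarm records. The rule syntax, event fields, the `host` correlation key and the sample events are assumptions.

```python
# Added example (not the patent's code): compile a tree-shaped sequence rule into
# a finite state machine and match it over a log event stream. Rule syntax, event
# fields, the per-host correlation key and the sample events are all constructed.
CONDITIONS = {  # built-in sub-rule conditions that the rule editor combines
    "failed_login": lambda e: e["type"] == "auth" and e["result"] == "fail",
    "success_login": lambda e: e["type"] == "auth" and e["result"] == "ok",
    "priv_escalation": lambda e: e["type"] == "sudo",
}

def compile_rule(tree):
    """Rule compiler: a tree rooted at the sequence operator '>>' becomes one
    predicate per state (this compact example compiles only '>>')."""
    op, children = tree
    if op != ">>":
        raise ValueError("only the '>>' sequence operator is compiled here")
    return [CONDITIONS[name] for name in children]

class RuleMachine:
    # a partial match is only the events collected so far, not a copied rule tree
    def __init__(self, name, tree, key_field="host"):
        self.name, self.preds, self.key_field = name, compile_rule(tree), key_field
        self.runs = {}  # correlation key -> events matched so far (len = state)
    def feed(self, event):
        """Advance on one event; return the full matched event list on completion."""
        run = self.runs.setdefault(event[self.key_field], [])
        if self.preds[len(run)](event):
            run.append(event)
            if len(run) == len(self.preds):
                return self.runs.pop(event[self.key_field])
        return None

def analyze(events, machines, alarm_fields=("host", "user")):
    """Task scheduler plus alarm generation: every machine sees every event, and
    each completed match becomes an alarm record with the extracted attributes."""
    alarms = []
    for e in events:
        for m in machines:
            matched = m.feed(e)
            if matched:
                alarms.append(dict(rule=m.name, first_ts=matched[0]["ts"],
                                   last_ts=matched[-1]["ts"], events=len(matched),
                                   **{f: matched[-1][f] for f in alarm_fields}))
    return alarms
BRUTE_RULE = (">>", ["failed_login", "success_login", "priv_escalation"])
SAMPLE_EVENTS = [  # constructed sample log events
    {"ts": 1, "host": "h1", "user": "bob", "type": "auth", "result": "fail"},
    {"ts": 2, "host": "h2", "user": "eve", "type": "auth", "result": "ok"},
    {"ts": 3, "host": "h1", "user": "bob", "type": "auth", "result": "ok"},
    {"ts": 4, "host": "h1", "user": "bob", "type": "sudo", "result": "ok"},
]
```

Running `analyze(SAMPLE_EVENTS, [RuleMachine("fail_then_escalate", BRUTE_RULE)])` yields one alarm for host h1 spanning ts 1 to 4, while the h2 event never leaves state 0 and creates no tree copy.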


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F9/48, G06F9/448, G06F16/18, G06F16/2455, G06F16/36, G06F16/31, G06F11/32
Inventor: 何哲赖建华刘志光唐敏许敦英
Owner: 福建省海峡信息技术有限公司