Summary graph generation method of system log dependency graph for attack investigation and restoration

This system-log summary-graph technology, applied in the field of network security, addresses the limited scope of application of existing methods, their reliance on manual attack investigation, and the difficulty of extracting context information from a large dependency graph; the resulting summary graph is smaller and easier to inspect.

Pending Publication Date: 2022-06-17
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

However, due to the dependency explosion problem, it is difficult to efficiently extract the required contextual information from a huge graph, requiring extensive manual inspection.
[0004] For the dependency explosion problem, existing methods mainly rely on techniques such as automatically filtering irrelevant events from the dependency graph and revealing attack-related events. Although these attack investigation techniques based on the system entity dependency graph have achieved good results, they still require manual attack investigation, which limits their scope of practical application.




Embodiment Construction

[0063] In order to make the objectives, technical solutions and advantages of the present invention clearer, the technical solutions in the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

[0064] The terms "first", "second" and the like in the description and claims of the present invention are used to distinguish similar objects, and are not used to describe a specific order or sequence. It is to be understood that the data so used are interchangeable under appropriate circumstances so that the embodiments of the present application can be practiced in sequences other than those illustrated or descr...



Abstract

The invention provides a summary graph generation method of a system log dependency graph for attack investigation and restoration, comprising: determining a system entity dependency graph of an attack event to be investigated and restored, the dependency graph comprising system entity nodes associated with the attack event and a call relationship between the system entity nodes; the system entity nodes comprise process nodes and resource nodes; executing hierarchical random walk on process nodes in the dependency graph, and determining behavior representation of the process nodes; clustering the process nodes based on the behavior representation, and dividing the dependency graph into at least one first sub-graph based on a clustering result; compressing each first sub-graph to obtain at least one second sub-graph; generating a summary corresponding to each second sub-graph, and obtaining a summary graph corresponding to the dependency graph. According to the method, the dependency graph is divided into the sub-graphs, and the simple summary is provided for each sub-graph to generate the summary graph, so that the summary of related system activities and the summary information of the sub-graphs related to attacks can be conveniently checked.
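The pipeline the abstract describes (dependency graph, random-walk behaviour representation of process nodes, clustering, sub-graph partition, compression, per-sub-graph summary) can be followed end to end on a toy graph. The Python below is an added illustration, not code from the patent or from the applicants: the sample edges are constructed, a two-level walk that alternates between a process and the resources it touches stands in for the abstract's hierarchical random walk, the behaviour representation is the set of resources a walk reaches, clustering is greedy Jaccard-threshold grouping, and compression merges resources that share a process, a coarse path category and an operation. All of those design choices are assumptions made for the example.

```python
# Added illustration of the abstract's pipeline; design choices are assumptions, not the patent's method.
import random
from collections import defaultdict

# Constructed sample edges (subject, object, operation); not real telemetry.
SAMPLE_EDGES = [
    ("nginx", "/var/www/index.php", "read"),
    ("nginx", "socket:0.0.0.0:80", "accept"),
    ("nginx", "/var/log/nginx/access.log", "write"),
    ("nginx", "/var/log/nginx/error.log", "write"),
    ("php-fpm", "/var/www/index.php", "read"),
    ("php-fpm", "/tmp/sess_ab12", "write"),
    ("php-fpm", "socket:127.0.0.1:9000", "accept"),
    ("cron", "tar", "exec"),
    ("cron", "/var/log/cron.log", "write"),
    ("tar", "/home/alice/docs", "read"),
    ("tar", "/home/alice/notes", "read"),
    ("tar", "/var/backups/docs.tar", "write"),
]

def is_process(node):
    """Resource nodes are paths or sockets; everything else is a process node."""
    return not (node.startswith("/") or node.startswith("socket:"))

def build_adjacency(edges):
    """Undirected adjacency with sorted neighbour lists so seeded walks are reproducible."""
    adj = defaultdict(set)
    for src, dst, _ in edges:
        adj[src].add(dst)
        adj[dst].add(src)
    return {n: sorted(nbrs) for n, nbrs in adj.items()}

def walk_representation(adj, start, walks=40, length=8, seed=0):
    """Behaviour representation: the set of resources reached by seeded random walks
    that hop process -> resource -> process -> ... (assumed stand-in for the
    hierarchical walk in the abstract)."""
    rng = random.Random(seed)
    seen = set()
    for _ in range(walks):
        node = start
        for _ in range(length):
            node = rng.choice(adj[node])
            if not is_process(node):
                seen.add(node)
    return frozenset(seen)

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 0.0

def cluster_processes(reps, threshold=0.3):
    """Greedy single pass: join the first cluster whose seed is similar enough, else open a new one."""
    clusters = []
    for proc in sorted(reps):
        for cluster in clusters:
            if jaccard(reps[proc], reps[cluster[0]]) >= threshold:
                cluster.append(proc)
                break
        else:
            clusters.append([proc])
    return clusters

def resource_category(node):
    """Coarse label used for merging: 'socket', or the first two path levels."""
    if node.startswith("socket:"):
        return "socket"
    parts = node.split("/")
    return "/".join(parts[:3]) if len(parts) > 3 else "/".join(parts[:2])

def compress_subgraph(edges, cluster):
    """First sub-graph = edges touching the cluster; the compressed (second) sub-graph
    merges resources that share (process, category, operation)."""
    members = set(cluster)
    merged = defaultdict(set)
    for src, dst, op in edges:
        if src not in members and dst not in members:
            continue
        key = (src, dst if is_process(dst) else resource_category(dst), op)
        merged[key].add(dst)
    return {k: sorted(v) for k, v in merged.items()}

def summarise(compressed):
    """One-line summary of a compressed sub-graph, one clause per merged edge."""
    lines = []
    for (src, target, op), items in sorted(compressed.items()):
        if len(items) == 1 and is_process(items[0]):
            lines.append(f"{src} {op} {target}")
        else:
            lines.append(f"{src} {op} {len(items)} resource(s) under {target}")
    return "; ".join(lines)

def summary_graph(edges, seed=0):
    """Full pipeline; returns one summary node per process cluster."""
    adj = build_adjacency(edges)
    processes = sorted(n for n in adj if is_process(n))
    reps = {p: walk_representation(adj, p, seed=seed) for p in processes}
    result = []
    for cluster in cluster_processes(reps):
        compressed = compress_subgraph(edges, cluster)
        result.append({"processes": cluster, "edges": compressed,
                       "summary": summarise(compressed)})
    return result

if __name__ == "__main__":
    for node in summary_graph(SAMPLE_EDGES):
        print(node["processes"], "->", node["summary"])
```

On the constructed graph the web-serving processes (nginx, php-fpm) and the backup job (cron, tar) fall into separate clusters because their walks never cross between the two connected components, and the two reads under /home/alice collapse into one merged edge, which is the kind of size reduction the abstract aims for. An investigator would read the cluster summaries first and expand only the sub-graph that touches the point-of-interest event.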

Description

Technical field

[0001] The present invention relates to the technical field of network security, in particular to a method for generating a summary graph of a system log dependency graph for attack investigation and restoration.

Background technique

[0002] In response to cyber attacks, causal analysis based on system monitoring has become an important method for attack investigation.

[0003] The causal analysis method uses the system entity dependency graph to represent system call events. Based on the system entity dependency graph, the context information of an attack can be investigated by reconstructing the event chain leading to the POI (Point of Interest) event. Such context information can effectively reveal incidents related to the attack. However, due to the dependency explosion problem, it is difficult to efficiently extract the required contextual information from a huge graph, requiring extensive manual inspection.

[0004] Aiming at the problem of dependen...


Application Information

Patent Timeline
Patent Type & Authority: Applications (China)
IPC(8): G06F16/901, H04L9/40
CPC: G06F16/9024, H04L63/1441
Inventors: 孟丹文雨徐志强张博洋杨纯郑阳张东雪杜莹莹吴艳娜
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI