
Alarm association method based on alarm time sequence

An alarm time-sequence technology, applied in the field of Internet security, addresses the problem that an intrusion detection system cannot intuitively display a multi-step attack and that administrators therefore cannot correctly grasp the attacker's activity trajectory; the aim is to improve the detection effect and make judgement easier.

Pending Publication Date: 2022-07-01
NANJING POLYTECHNIC INSITUTE +1

AI Technical Summary

Problems solved by technology

However, an intrusion detection system cannot visually display the complete process of a multi-step attack, so administrators cannot correctly grasp the attacker's complete activity trail.



Examples


Embodiment Construction

[0025] The present invention will be described in detail below with reference to the accompanying drawings.

[0026] As shown in the attached figure 1 and figure 2, an alarm association method based on an alarm time sequence is characterized by comprising:

[0027] Collect Snort alarm data and OSSEC alarm data, and bring the historical alarm data into a unified time domain to obtain unified alarm time series data; divide the alarm time series data by a preset sampling time to generate an alarm time sequence; use a sliding window to judge alarm events, and record the alarm time and alarm type of each alarm event as a feature vector to generate the alarm sequences to be associated; classify the alarm sequences to be associated with a clustering algorithm, associate the alarm sequences according to a preset similarity threshold, and display the association result.

[0028] Further, the alarm sequence data includes an alarm state valu...
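The pipeline of paragraph [0027] and the abstract (collect Snort and OSSEC alarms, unify the time domain, divide by a preset sampling time, judge alarm events with a sliding window, record time and type as feature vectors, cluster and associate above a similarity threshold), worked through as an added example. This is not the patent's code: the Snort alert_fast and OSSEC alerts.log lines are constructed, the year for Snort timestamps, the 60 s sampling time, the 5-bin window, the 3-alert minimum and the 0.6 threshold are assumptions, and Jaccard similarity with single-linkage grouping stands in for the clustering algorithm the patent leaves unspecified.

```python
"""Added example (not the patent's code): fuse Snort and OSSEC alerts into one
alarm time line, bin it, detect alarm events with a sliding window and associate
events whose (offset, alarm-type) feature sets are similar. Alerts are constructed."""
import re
from datetime import datetime, timezone

SNORT_YEAR = 2022  # assumption: alert_fast lines carry no year; timestamps read as UTC
SNORT_FAST = """\
03/14-10:00:05.123456  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 198.51.100.7:53211 -> 192.0.2.10:22
03/14-10:03:12.000000  [**] [1:2010935:3] ET POLICY Suspicious inbound to MSSQL port 1433 [**] [Priority: 2] {TCP} 198.51.100.7:40000 -> 192.0.2.10:1433
03/14-10:10:30.000000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Priority: 1] {TCP} 192.0.2.10:80 -> 203.0.113.9:51000
03/14-10:20:05.000000  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 198.51.100.7:53300 -> 192.0.2.11:22
03/14-10:23:12.000000  [**] [1:2010935:3] ET POLICY Suspicious inbound to MSSQL port 1433 [**] [Priority: 2] {TCP} 198.51.100.7:40100 -> 192.0.2.11:1433
03/14-10:40:05.000000  [**] [1:2006446:12] ET WEB_SERVER Possible SQL Injection Attempt UNION SELECT in HTTP URI [**] [Priority: 1] {TCP} 203.0.113.44:60001 -> 192.0.2.10:80
03/14-10:40:30.000000  [**] [1:2006446:12] ET WEB_SERVER Possible SQL Injection Attempt UNION SELECT in HTTP URI [**] [Priority: 1] {TCP} 203.0.113.44:60002 -> 192.0.2.10:80
03/14-10:41:10.000000  [**] [1:2006446:12] ET WEB_SERVER Possible SQL Injection Attempt UNION SELECT in HTTP URI [**] [Priority: 1] {TCP} 203.0.113.44:60003 -> 192.0.2.10:80
"""
OSSEC_LOG = """\
** Alert 1647252072.1001: - syslog,sshd,authentication_failed,
2022 Mar 14 10:01:12 (web01) 192.0.2.10->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 198.51.100.7

** Alert 1647253272.1002: - syslog,sshd,authentication_failed,
2022 Mar 14 10:21:12 (db01) 192.0.2.11->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 198.51.100.7
"""
SNORT_RE = re.compile(r"^(\d\d)/(\d\d)-(\d\d):(\d\d):(\d\d)\.\d+\s+\[\*\*\]\s+\[(\d+):(\d+):\d+\]"
                      r".*?\{\w+\}\s+([\d.]+):\d+\s+->\s+([\d.]+):\d+")

def parse_snort(text, year=SNORT_YEAR):
    """alert_fast line -> (epoch, 'snort:<gid>:<sid>', src_ip, dst_ip)."""
    recs = []
    for m in filter(None, map(SNORT_RE.match, text.splitlines())):
        mo, d, h, mi, s, gid, sid, src, dst = m.groups()
        t = datetime(year, int(mo), int(d), int(h), int(mi), int(s), tzinfo=timezone.utc)
        recs.append((int(t.timestamp()), f"snort:{gid}:{sid}", src, dst))
    return recs

def parse_ossec(text):
    """alerts.log block -> (epoch, 'ossec:<rule>', src_ip, agent_ip); the header epoch is unix time."""
    recs = []
    for block in text.split("** Alert ")[1:]:
        epoch = int(block.split(".", 1)[0])
        rule = re.search(r"^Rule: (\d+) ", block, re.M).group(1)
        src = re.search(r"^Src IP: (\S+)", block, re.M)
        agent = re.search(r"^\d{4} \w{3} \d+ \S+ \(\S+\) (\S+?)->", block, re.M)
        recs.append((epoch, f"ossec:{rule}", src.group(1) if src else "?", agent.group(1) if agent else "?"))
    return recs

def unify(*sources):
    """Unified time domain: every source already yields unix seconds, so merge and sort."""
    return sorted(r for s in sources for r in s)

def alarm_events(records, sample_s=60, window_bins=5, min_alerts=3):
    """Bin by sample_s, slide a window_bins-wide window from each alert-bearing bin and
    open an alarm event when it holds >= min_alerts alerts (parameters are assumptions).
    Each event is the feature set {(bin offset, alarm type)} plus the hosts involved."""
    binned = [(t // sample_s, typ, src, dst) for t, typ, src, dst in records]
    events, i = [], 0
    while i < len(binned):
        start = binned[i][0]
        span = [r for r in binned[i:] if r[0] < start + window_bins]
        if len(span) >= min_alerts:
            events.append({"start": start * sample_s,
                           "features": frozenset((b - start, typ) for b, typ, _, _ in span),
                           "hosts": sorted({ip for _, _, s, d in span for ip in (s, d)})})
            i += len(span)  # continue after the event's window
        else:
            i += 1
    return events

def jaccard(a, b):
    return len(a & b) / len(a | b) if a or b else 0.0

def associate(events, threshold=0.6):
    """Single-linkage grouping at a similarity threshold (stand-in for the unspecified
    clustering algorithm): events linked by jaccard >= threshold share one group."""
    parent = list(range(len(events)))

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for i in range(len(events)):
        for j in range(i + 1, len(events)):
            if jaccard(events[i]["features"], events[j]["features"]) >= threshold:
                parent[find(i)] = find(j)
    groups = {}
    for i in range(len(events)):
        groups.setdefault(find(i), []).append(i)
    return sorted(groups.values())

def run(threshold=0.6):
    events = alarm_events(unify(parse_snort(SNORT_FAST), parse_ossec(OSSEC_LOG)))
    return events, associate(events, threshold)

if __name__ == "__main__":
    for g in run()[1]:
        print("association group:", g)
```

On the constructed data, `run()` yields three alarm events: the two SSH-scan / failed-login / MSSQL bursts against 192.0.2.10 and 192.0.2.11 have identical (offset, type) feature sets and land in one association group, while the single ATTACK_RESPONSE alert never reaches the alert minimum and the SQL-injection burst forms its own group. Encoding each alert as (bin offset, type) is what makes the same attack sequence against different hosts at different times compare as equal; the real deployment would replace the constructed strings with the actual alert feeds and tune the sampling time, window and threshold to the observed alert volume.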


Abstract

The invention discloses an alarm association method based on an alarm time sequence, and the method comprises the steps: collecting Snort alarm data and OSSEC alarm data, and obtaining unified alarm time sequence data from the alarm historical data in a unified time domain; segmenting the alarm time sequence data according to preset sampling time to generate an alarm time sequence; judging the alarm event by using a sliding window, and recording the alarm time of the alarm event and the alarm type as feature vectors to generate a to-be-associated alarm time sequence; and classifying the alarm time sequence to be associated based on a clustering algorithm, associating the alarm sequence according to a preset similarity threshold, and displaying an association result. According to the invention, the detection effect can be greatly improved.

Description

Technical field

[0001] The invention relates to the technical field of Internet security, in particular to an alarm association method based on an alarm time sequence.

Background

[0002] With the number of Internet users in China and the Internet penetration rate growing year by year, the scale and complexity of the Internet continue to increase. At the same time, the diversity, openness and connectivity of the network make network security problems increasingly prominent. In order to protect important Internet resources and deal with the attacks and potential threats the network suffers, a large number of security devices are widely deployed in the network, such as firewalls, intrusion detection systems (IDS), vulnerability scanners, etc. However, the function of each of these security devices is relatively narrow: each can only ensure network security within its own field, and these devices, especially intrusion detection systems, generate massive ala...


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L9/40; H04L41/0604; H04L41/0631; H04L43/028; H04L43/04; G06K9/62
CPC: H04L63/1416; H04L41/0622; H04L41/064; H04L43/04; H04L43/028; G06F18/23
Inventor 陶星宇, 黄义杰, 高翔, 肖华
Owner NANJING POLYTECHNIC INSITUTE