Association analysis method and device for security logs

A correlation-analysis and logging technology, applied in the field of data processing, that addresses problems such as a processing framework no longer matching business requirements, and achieves the effects of avoiding performance overhead, reducing load and improving efficiency.

Pending Publication Date: 2022-07-26
西安交大捷普网络科技有限公司

AI Technical Summary

Problems solved by technology

The traditional streaming data processing framework has inherent defects in throughput and fault tolerance and is no longer suited to the rapidly expanding business needs of today's Internet industry.



Embodiment Construction

[0023] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention.

[0024] For the convenience of understanding, the terms involved in the embodiments of the present invention are explained below:

[0025] The log audit system is a network security tool that uses big-data collection, modeling and analysis technology to detect threats and abnormal behaviors in the network in a timely manner, through multi-dimensional information collection from various network resources and automated correlation analysis. Through security linkage with firewalls, intrusion prevention, endpoint security and other products, it can respond effectively to threats and abnormal behaviors.

[0026] Raw events: Logs that have not yet been processed are col...


Abstract

The association analysis method and device for security logs use event data together with an association-analysis rule base to generate new events, and match the event data against an asset library and a knowledge base to generate a three-dimensional association event, so that event data can be associated effectively and data analysis efficiency is improved. The method applies an on-demand distribution mechanism to the data analysed by the association rules: a data type is input only when an association analysis rule needs it, and other data is not input, which avoids the excessive resource utilisation that arises when association rules are analysed in real time. The pressure of filtering irrelevant data through correlation analysis is therefore relieved, and data without any task subscription is discarded directly, so that it does not flow downstream and incur unnecessary performance overhead.
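The following Python sketch is an added illustration of the mechanism the abstract describes, not code from the patent or its owner: raw events are routed only to rules that subscribe to their type, unsubscribed events are discarded before any downstream work, and a generated event is matched against an asset library and a knowledge base. The rule, the two lookup tables and the event sample are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

ASSET_LIBRARY = {"10.0.0.5": {"owner": "finance", "criticality": "high"}}  # constructed
KNOWLEDGE_BASE = {"ssh_bruteforce": {"category": "credential-access"}}     # constructed

@dataclass
class ThresholdRule:
    """Fires when `threshold` events of one type come from one source within `window_s`."""
    name: str
    event_type: str  # the single data type this rule subscribes to
    threshold: int
    window_s: int
    seen: dict = field(default_factory=lambda: defaultdict(list))

    def feed(self, ev):
        """Return a newly generated event when the threshold is crossed, else None."""
        ts = self.seen[ev["src"]]
        ts.append(ev["ts"])
        ts[:] = [t for t in ts if ev["ts"] - t <= self.window_s]  # drop expired
        if len(ts) < self.threshold:
            return None
        ts.clear()
        return {"type": self.name, "src": ev["src"], "ts": ev["ts"], "count": self.threshold}

def enrich(event):
    """Match the event against asset and knowledge data: the three-dimensional event."""
    return {**event, "asset": ASSET_LIBRARY.get(event["src"], {"owner": "unknown"}),
            "knowledge": KNOWLEDGE_BASE.get(event["type"], {})}

def run(rules, events):
    """Route each raw event only to rules subscribed to its type; discard the rest."""
    subs = defaultdict(list)
    for r in rules:
        subs[r.event_type].append(r)
    out, dropped = [], 0
    for ev in events:
        if ev["type"] not in subs:
            dropped += 1  # no task subscription: the event never flows downstream
            continue
        for r in subs[ev["type"]]:
            new = r.feed(ev)
            if new:
                out.append(enrich(new))
    return out, dropped

RAW = [{"type": t, "src": s, "ts": ts} for t, s, ts in [  # constructed; dns_query unsubscribed
    ("ssh_auth_failure", "10.0.0.5", 0), ("dns_query", "10.0.0.7", 1),
    ("ssh_auth_failure", "10.0.0.5", 10), ("dns_query", "10.0.0.7", 11),
    ("ssh_auth_failure", "10.0.0.5", 20), ("ssh_auth_failure", "10.0.0.9", 21),
    ("ssh_auth_failure", "10.0.0.5", 200)]]
```

Running `run([ThresholdRule("ssh_bruteforce", "ssh_auth_failure", 3, 60)], RAW)` yields one enriched brute-force event for 10.0.0.5 and reports the two dns_query events as dropped without ever reaching a rule.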

Description

Technical field

[0001] The invention belongs to the technical field of data processing, and in particular relates to a method and device for correlation analysis of security logs.

Background technique

[0002] In order to respond continuously to new security challenges, most enterprises and organizations deploy security devices such as firewalls, UTM, IDS, IPS, vulnerability scanning systems, antivirus systems, terminal management systems, WAF, DB-AUDIT, etc. in an attempt to build a security line of defense. In practice, however, most of these defense lines can only resist security threats from one side, forming various "security defense islands" that cannot produce synergistic effects; more seriously, these complex IT assets and security defense facilities continuously generate large numbers of security logs and events during operation, further forming many "information islands", thus increasing the difficulty of finding...

Claims


Application Information

Patent type and authority: Applications (China)
IPC(8): H04L9/40, H04L41/069
CPC: H04L63/1425, H04L41/069
Inventors: 王平, 何建锋
Owner: 西安交大捷普网络科技有限公司