CN105847029B - A kind of information security events auto-associating and quick response system based on big data - Google Patents
- Publication number
- CN105847029B (application CN201610130328.4A / CN201610130328A)
- Authority
- CN
- China
- Prior art keywords
- alarm
- meta
- alarms
- correlation
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000004044 response Effects 0.000 title claims abstract description 26
- 238000010219 correlation analysis Methods 0.000 claims abstract description 33
- 238000004458 analytical method Methods 0.000 claims abstract description 17
- 238000000034 method Methods 0.000 claims abstract description 15
- 238000005516 engineering process Methods 0.000 claims abstract description 10
- 230000008439 repair process Effects 0.000 claims abstract description 5
- 238000004422 calculation algorithm Methods 0.000 claims description 9
- 238000012217 deletion Methods 0.000 claims description 6
- 230000037430 deletion Effects 0.000 claims description 6
- 238000003780 insertion Methods 0.000 claims description 6
- 230000037431 insertion Effects 0.000 claims description 6
- 238000004445 quantitative analysis Methods 0.000 claims description 6
- 238000010586 diagram Methods 0.000 claims description 5
- 241000764238 Isis Species 0.000 claims description 4
- 238000012545 processing Methods 0.000 claims description 4
- 238000013024 troubleshooting Methods 0.000 claims description 3
- 230000002159 abnormal effect Effects 0.000 claims description 2
- 230000009471 action Effects 0.000 claims description 2
- 238000000691 measurement method Methods 0.000 claims description 2
- 238000006243 chemical reaction Methods 0.000 claims 1
- 230000002776 aggregation Effects 0.000 abstract description 2
- 238000004220 aggregation Methods 0.000 abstract description 2
- 238000007405 data analysis Methods 0.000 abstract 1
- 230000008030 elimination Effects 0.000 abstract 1
- 238000003379 elimination reaction Methods 0.000 abstract 1
- 230000007257 malfunction Effects 0.000 abstract 1
- 238000012098 association analyses Methods 0.000 description 6
- 238000005065 mining Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 238000001514 detection method Methods 0.000 description 5
- 238000012423 maintenance Methods 0.000 description 4
- 238000007726 management method Methods 0.000 description 4
- 239000000284 extract Substances 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 230000000875 corresponding effect Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000005856 abnormality Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000007621 cluster analysis Methods 0.000 description 1
- 230000002596 correlated effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000011002 quantification Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012549 training Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
- 238000012800 visualization Methods 0.000 description 1
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Alarm Systems (AREA)
Abstract
Description
Claims (4)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510565165 | 2015-09-08 | | |
CN2015105651658 | 2015-09-08 | | |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105847029A CN105847029A (en) | 2016-08-10 |
CN105847029B true CN105847029B (en) | 2019-08-09 |
Family
ID=56586983
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610130328.4A Active CN105847029B (en) | 2015-09-08 | 2016-03-09 | A kind of information security events auto-associating and quick response system based on big data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105847029B (en) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106254125A (en) * | 2016-08-18 | 2016-12-21 | 南京联成科技发展有限公司 | The method and system of security incident correlation analysiss based on big data |
CN107332717A (en) * | 2017-08-16 | 2017-11-07 | 南京联成科技发展股份有限公司 | A kind of new type of safe wisdom platform realizes framework |
CN107479518A (en) * | 2017-08-16 | 2017-12-15 | 南京联成科技发展股份有限公司 | A kind of method and system for automatically generating alarm association rule |
CN109995561B (en) * | 2017-12-30 | 2022-03-29 | 中国移动通信集团福建有限公司 | Method, device, equipment and medium for positioning communication network fault |
CN108829794B (en) * | 2018-06-04 | 2022-04-12 | 北京交通大学 | Alarm analysis method based on interval graph |
CN109064179B (en) * | 2018-07-11 | 2022-05-20 | 成都理工大学 | Mobile payment security situation perception system |
CN111126729A (en) * | 2018-10-30 | 2020-05-08 | 千寻位置网络有限公司 | Intelligent safety event closed-loop disposal system and method thereof |
CN109660526A (en) * | 2018-12-05 | 2019-04-19 | 国网江西省电力有限公司信息通信分公司 | A kind of big data analysis method applied to information security field |
CN110149230B (en) * | 2019-05-20 | 2021-03-02 | 拉扎斯网络科技(上海)有限公司 | Service maintenance method and device, electronic equipment and readable storage medium |
CN110933101B (en) * | 2019-12-10 | 2022-11-04 | 腾讯科技(深圳)有限公司 | Security event log processing method, device and storage medium |
CN111224973A (en) * | 2019-12-31 | 2020-06-02 | 南京联成科技发展股份有限公司 | Network attack rapid detection system based on industrial cloud |
CN112118141B (en) * | 2020-09-21 | 2021-12-17 | 中山大学 | Communication network-oriented alarm event correlation compression method and device |
CN113377623B (en) * | 2021-07-02 | 2024-05-28 | 华青融天(北京)软件股份有限公司 | Automatic generation method and device of alarm rules and electronic equipment |
CN113901452B (en) * | 2021-09-30 | 2022-05-17 | 中国电子科技集团公司第十五研究所 | Sub-graph fuzzy matching security event identification method based on information entropy |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101610174A (en) * | 2009-07-24 | 2009-12-23 | 深圳市永达电子股份有限公司 | A kind of log correlation analysis system and method |
CN101697545A (en) * | 2009-10-29 | 2010-04-21 | 成都市华为赛门铁克科技有限公司 | Security incident correlation method and device as well as network server |
CN101296122B (en) * | 2008-06-23 | 2011-04-20 | 中兴通讯股份有限公司 | Analytical method and device for alarm relativity |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070289013A1 (en) * | 2006-06-08 | 2007-12-13 | Keng Leng Albert Lim | Method and system for anomaly detection using a collective set of unsupervised machine-learning algorithms |
2016
- 2016-03-09 CN CN201610130328.4A patent/CN105847029B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101296122B (en) * | 2008-06-23 | 2011-04-20 | 中兴通讯股份有限公司 | Analytical method and device for alarm relativity |
CN101610174A (en) * | 2009-07-24 | 2009-12-23 | 深圳市永达电子股份有限公司 | A kind of log correlation analysis system and method |
CN101697545A (en) * | 2009-10-29 | 2010-04-21 | 成都市华为赛门铁克科技有限公司 | Security incident correlation method and device as well as network server |
Also Published As
Publication number | Publication date |
---|---|
CN105847029A (en) | 2016-08-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105847029B (en) | A kind of information security events auto-associating and quick response system based on big data | |
CN112651006B (en) | Power grid security situation sensing system | |
US11606373B2 (en) | Cyber threat defense system protecting email networks with machine learning models | |
CN103001811B (en) | Fault locating method and device | |
CN111565390B (en) | Internet of things equipment risk control method and system based on equipment portrait | |
US20230012220A1 (en) | Method for determining likely malicious behavior based on abnormal behavior pattern comparison | |
US10476752B2 (en) | Blue print graphs for fusing of heterogeneous alerts | |
CN105376193B (en) | The intelligent association analysis method and device of security incident | |
CN103441982A (en) | Intrusion alarm analyzing method based on relative entropy | |
CN111181971B (en) | System for automatically detecting industrial network attack | |
CN109302396A (en) | A kind of network security situational awareness method based on risk assessment | |
CN104468193A (en) | Method for monitoring service system based on module finding | |
WO2014096761A1 (en) | Network security management | |
Ren et al. | Captar: Causal-polytree-based anomaly reasoning for scada networks | |
Sen et al. | Towards an approach to contextual detection of multi-stage cyber attacks in smart grids | |
CN107479518A (en) | A kind of method and system for automatically generating alarm association rule | |
CN117729047B (en) | Intelligent learning engine method and system for industrial control network flow audit | |
CN117792733A (en) | Network threat detection method and related device | |
WO2017176676A1 (en) | Graph-based fusing of heterogeneous alerts | |
TWI744545B (en) | Decentralized network flow analysis approach and system for malicious behavior detection | |
Protic et al. | WK-FNN design for detection of anomalies in the computer network traffic | |
Yan et al. | Sim-watchdog: Leveraging temporal similarity for anomaly detection in dynamic graphs | |
CN118200019B (en) | Network event safety monitoring method and system | |
Guan et al. | A summary of research on the false alarm judgment methods | |
CN107332717A (en) | A kind of new type of safe wisdom platform realizes framework |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| CB02 | Change of applicant information | Address after: 210012, Nanjing high tech Zone, Jiangsu, Nanjing Software Park, No. 99 unity Road, Eagle building, block A, 14 floor. Applicant after: Nanjing Liancheng science and technology development Limited by Share Ltd. Address before: The small road line road in Yuhuatai District of Nanjing City, Jiangsu province 210012 Building No. 158 Building 1 new ideal. Applicant before: NANJING LIANCHENG TECHNOLOGY DEVELOPMENT CO., LTD. |
| CB02 | Change of applicant information | Address after: 210000 14F, building A, Eagle building, 99 solidarity Road, Nanjing Software Park, Nanjing hi tech Zone, Jiangsu. Applicant after: Nanjing Liancheng science and technology development Limited by Share Ltd. Address before: 210000, Nanjing high tech Zone, Jiangsu, Nanjing Software Park, No. 99 unity Road, Eagle building, block A, 14 floor. Applicant before: Nanjing Liancheng science and technology development Limited by Share Ltd. |
| GR01 | Patent grant | |
| PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Information security event automatic association and rapid response system based on big data. Effective date of registration: 20200328. Granted publication date: 20190809. Pledgee: Bank of Jiangsu, Limited by Share Ltd, Nanjing Jiangning branch. Pledgor: NANJING LIANCHENG TECHNOLOGY DEVELOPMENT Co.,Ltd. Registration number: Y2020980001149 |
| PC01 | Cancellation of the registration of the contract for pledge of patent right | Date of cancellation: 20210521. Granted publication date: 20190809. Pledgee: Bank of Jiangsu Limited by Share Ltd. Nanjing Jiangning branch. Pledgor: NANJING LIANCHENG TECHNOLOGY DEVELOPMENT Co.,Ltd. Registration number: Y2020980001149 |