CN113647078B - 一种管理安全事件的方法、装置和计算机可读存储介质 - Google Patents

一种管理安全事件的方法、装置和计算机可读存储介质 Download PDF

Info

Publication number
CN113647078B
CN113647078B CN202080025376.1A CN202080025376A CN113647078B CN 113647078 B CN113647078 B CN 113647078B CN 202080025376 A CN202080025376 A CN 202080025376A CN 113647078 B CN113647078 B CN 113647078B
Authority
CN
China
Prior art keywords
time
description
security
extracted
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202080025376.1A
Other languages
English (en)
Chinese (zh)
Other versions
CN113647078A (zh
Inventor
P·拉维德拉
Y·帕克
D·基拉特
张智勇
M·P·斯多艾克林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of CN113647078A publication Critical patent/CN113647078A/zh
Application granted granted Critical
Publication of CN113647078B publication Critical patent/CN113647078B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/30Semantic analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2458Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2477Temporal data queries
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25Integrating or interfacing systems involving database management systems
    • G06F16/258Data format conversion from or to a database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/20Natural language analysis
    • G06F40/279Recognition of textual entities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/33Querying
    • G06F16/335Filtering based on additional data, e.g. user or group profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121Timestamp

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • General Health & Medical Sciences (AREA)
  • Fuzzy Systems (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Software Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
CN202080025376.1A 2019-04-06 2020-03-23 一种管理安全事件的方法、装置和计算机可读存储介质 Active CN113647078B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/377,164 US11082434B2 (en) 2019-04-06 2019-04-06 Inferring temporal relationships for cybersecurity events
US16/377,164 2019-04-06
PCT/IB2020/052686 WO2020208448A1 (en) 2019-04-06 2020-03-23 Inferring temporal relationships for cybersecurity events

Publications (2)

Publication Number Publication Date
CN113647078A CN113647078A (zh) 2021-11-12
CN113647078B true CN113647078B (zh) 2022-10-04

Family

ID=72662552

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080025376.1A Active CN113647078B (zh) 2019-04-06 2020-03-23 一种管理安全事件的方法、装置和计算机可读存储介质

Country Status (5)

Country Link
US (1) US11082434B2 (https=)
JP (1) JP7436501B2 (https=)
CN (1) CN113647078B (https=)
GB (1) GB2598493B (https=)
WO (1) WO2020208448A1 (https=)

Families Citing this family (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12475019B2 (en) * 2018-06-14 2025-11-18 Ntt, Inc. System state estimation apparatus, system state estimation method and program
US11580127B1 (en) 2018-12-21 2023-02-14 Wells Fargo Bank, N.A. User interfaces for database visualizations
US11126711B2 (en) * 2019-04-09 2021-09-21 Jpmorgan Chase Bank, N.A. System and method for implementing a log source value tool for security information event management
US11934948B1 (en) * 2019-07-16 2024-03-19 The Government Of The United States As Represented By The Director, National Security Agency Adaptive deception system
US20220276945A1 (en) * 2019-07-29 2022-09-01 Nec Corporation Estimation apparatus, estimation method, and non-transitory computer readable medium
US11526625B2 (en) * 2019-10-28 2022-12-13 Bank Of America Corporation Systems for sanitizing production data for use in testing and development environments
CN112887119B (zh) * 2019-11-30 2022-09-16 华为技术有限公司 故障根因确定方法及装置、计算机存储介质
KR102452123B1 (ko) * 2020-12-23 2022-10-12 한국전자통신연구원 비정형 사이버 위협 정보 빅데이터 구축 장치, 사이버 위협 정보 빅데이터 구축 및 연관성 분석 방법
CN112910842B (zh) * 2021-01-14 2021-10-01 中国电子科技集团公司第十五研究所 一种基于流量还原的网络攻击事件取证方法与装置
US11416609B1 (en) * 2021-02-25 2022-08-16 Expel, Inc. Systems and methods for cyber security threat detection and expedited generation of investigation storyboards using intelligent cyber security automations
US11924250B2 (en) * 2021-04-21 2024-03-05 Microsoft Technology Licensing, Llc Automated contextual understanding of unstructured security documents
CN113032794A (zh) * 2021-04-23 2021-06-25 恒安嘉新(北京)科技股份公司 安全漏洞知识图谱的构建方法、装置、设备和存储介质
US12014375B2 (en) * 2021-07-02 2024-06-18 Target Brands, Inc. Generating security event case files from disparate unstructured data
US12321428B2 (en) * 2021-07-08 2025-06-03 Nippon Telegraph And Telephone Corporation User authentication device, user authentication method, and user authentication computer program
US12045270B2 (en) 2021-07-23 2024-07-23 International Business Machines Corporation Retrieving documents according to temporal similarity
CN113904838A (zh) * 2021-09-30 2022-01-07 北京天融信网络安全技术有限公司 一种传感器数据检测方法、装置、电子设备及存储介质
CN113869031B (zh) * 2021-10-15 2025-12-23 杭州网易智企科技有限公司 截止时间获取方法、介质、装置和计算设备
US11782784B2 (en) 2021-10-25 2023-10-10 Capital One Services, Llc Remediation action system
US12081562B2 (en) * 2021-10-25 2024-09-03 Capital One Services, Llc Predictive remediation action system
CN114039765A (zh) * 2021-11-04 2022-02-11 全球能源互联网研究院有限公司 一种配电物联网的安全管控方法、装置及电子设备
US12072918B1 (en) 2021-12-28 2024-08-27 Wells Fargo Bank, N.A. Machine learning using knowledge graphs
US11768837B1 (en) 2021-12-28 2023-09-26 Wells Fargo Bank, N.A. Semantic entity search using vector space
US11880379B1 (en) 2022-04-28 2024-01-23 Wells Fargo Bank, N.A. Identity resolution in knowledge graph databases
CN117251278A (zh) * 2022-06-10 2023-12-19 戴尔产品有限公司 数据处理方法、电子设备和计算机程序产品
CN115994175B (zh) * 2022-12-19 2026-03-17 北京百度网讯科技有限公司 面向网络言论的信息挖掘方法、装置和电子设备
US20240214425A1 (en) * 2022-12-27 2024-06-27 Cisco Technology, Inc. Using an end-to-end policy controller to automatically discover and inventory enforcement points in a network
US20240220724A1 (en) * 2023-01-04 2024-07-04 Astrata, Inc. Temporal Model
US12381900B2 (en) 2023-01-06 2025-08-05 International Business Machines Corporation Building a time dimension based on a time data model and creating an association relationship between the time dimension and a second data model for analyzing data in the time dimension
US12596878B1 (en) * 2023-02-14 2026-04-07 Anson An-Chun Tsao System for inferring saliency in a multivariate time series derived from periodic conversation with fine-tuned large language model
WO2024215328A1 (en) * 2023-04-14 2024-10-17 Pricewaterhousecoopers Llp Method and apparatus to extract client data with context using enterprise knowledge graph framework
CN116523039B (zh) * 2023-04-26 2024-02-09 华院计算技术(上海)股份有限公司 连铸知识图谱的生成方法及装置、存储介质、终端
US12580938B2 (en) 2023-11-20 2026-03-17 International Business Machines Corporation Conditional hypothesis generation for enterprise process trees
US12244637B1 (en) * 2024-02-09 2025-03-04 Netskope, Inc. Machine learning powered cloud sandbox for malware detection
US12596802B2 (en) * 2024-03-29 2026-04-07 Dell Products L.P. Malware detection techniques
US12572651B2 (en) 2024-05-07 2026-03-10 Netskope, Inc. Classifier for identifying suspicious PDF files to limit deep-scanning
US20260003955A1 (en) * 2024-07-01 2026-01-01 Samsung Electronics Co., Ltd. Privacy-aware mobile security threat detection and logging
US12596804B1 (en) 2024-10-04 2026-04-07 Netskope, Inc. Machine learning powered cloud sandbox for malware detection in portable document format (PDF) files
CN119397115B (zh) * 2024-11-05 2025-09-30 百度在线网络技术(北京)有限公司 事件描述生成方法、数据库生成方法、装置、电子设备
CN120950618B (zh) * 2025-10-14 2025-12-26 四维世景科技(北京)有限公司 一种基于地理网格编码的开源信息搜集整合系统及方法

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9992209B1 (en) * 2016-04-22 2018-06-05 Awake Security, Inc. System and method for characterizing security entities in a computing environment
CN108399194A (zh) * 2018-01-29 2018-08-14 中国科学院信息工程研究所 一种网络威胁情报生成方法及系统

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8595176B2 (en) 2009-12-16 2013-11-26 The Boeing Company System and method for network security event modeling and prediction
US8856936B2 (en) 2011-10-14 2014-10-07 Albeado Inc. Pervasive, domain and situational-aware, adaptive, automated, and coordinated analysis and control of enterprise-wide computers, networks, and applications for mitigation of business and operational risks and enhancement of cyber security
US9392010B2 (en) 2011-11-07 2016-07-12 Netflow Logic Corporation Streaming method and system for processing network metadata
US9256664B2 (en) * 2014-07-03 2016-02-09 Palantir Technologies Inc. System and method for news events detection and visualization
US9716721B2 (en) * 2014-08-29 2017-07-25 Accenture Global Services Limited Unstructured security threat information analysis
US9699205B2 (en) 2015-08-31 2017-07-04 Splunk Inc. Network security system
JP6838560B2 (ja) * 2015-12-14 2021-03-03 日本電気株式会社 情報分析システム、情報分析方法、及び、プログラム
US20180159876A1 (en) * 2016-12-05 2018-06-07 International Business Machines Corporation Consolidating structured and unstructured security and threat intelligence with knowledge graphs
US10462169B2 (en) * 2017-04-29 2019-10-29 Splunk Inc. Lateral movement detection through graph-based candidate selection
JP2018195197A (ja) * 2017-05-19 2018-12-06 富士通株式会社 評価プログラム、評価方法および情報処理装置
US11132541B2 (en) * 2017-09-29 2021-09-28 The Mitre Corporation Systems and method for generating event timelines using human language technology

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9992209B1 (en) * 2016-04-22 2018-06-05 Awake Security, Inc. System and method for characterizing security entities in a computing environment
CN108399194A (zh) * 2018-01-29 2018-08-14 中国科学院信息工程研究所 一种网络威胁情报生成方法及系统

Also Published As

Publication number Publication date
JP7436501B2 (ja) 2024-02-21
GB2598493A (en) 2022-03-02
CN113647078A (zh) 2021-11-12
WO2020208448A1 (en) 2020-10-15
GB2598493B (en) 2022-07-20
US20200322361A1 (en) 2020-10-08
GB202114777D0 (en) 2021-12-01
US11082434B2 (en) 2021-08-03
JP2022527511A (ja) 2022-06-02

Similar Documents

Publication Publication Date Title
CN113647078B (zh) 一种管理安全事件的方法、装置和计算机可读存储介质
US20230319090A1 (en) Consolidating structured and unstructured security and threat intelligence with knowledge graphs
US10958672B2 (en) Cognitive offense analysis using contextual data and knowledge graphs
US12289338B2 (en) Threat disposition analysis and modeling using supervised machine learning
US11089040B2 (en) Cognitive analysis of security data with signal flow-based graph exploration
US10681061B2 (en) Feedback-based prioritized cognitive analysis
US11194905B2 (en) Affectedness scoring engine for cyber threat intelligence services
Sun et al. Cyber threat intelligence mining for proactive cybersecurity defense: A survey and new perspectives
CN112131882B (zh) 一种多源异构网络安全知识图谱构建方法及装置
US10313365B2 (en) Cognitive offense analysis using enriched graphs
Lin et al. Retrieval of relevant historical data triage operations in security operation centers
US10686830B2 (en) Corroborating threat assertions by consolidating security and threat intelligence with kinetics data
US20250030704A1 (en) Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program
US20250028826A1 (en) Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program
Habibzadeh et al. Large Language Models for Security Operations Centers: A Comprehensive Survey
Alharbi et al. Enhancing cybersecurity through autonomous knowledge graph construction by integrating heterogeneous data sources
Salem et al. Enabling New Technologies for Cyber Security Defense with the ICAS Cyber Security Ontology.
Lanza et al. Ransomware analysis: knowledge extraction and classification for advanced cyber threat intelligence
Tabiban et al. Vincidecoder: automatically interpreting provenance graphs into textual forensic reports with application to openstack
Shenoy Correlation of Vulnerabilities to MITRE ATT&CK Using Natural Language Processing (NLP) Feature-Modeling
Rogushina et al. Ontology-Based Approach to Validation of Learning Outcomes for Information Security Domain.
Ma et al. The advancement of knowledge graphs in cybersecurity: A comprehensive overview
Mittal Knowledge for cyber threat intelligence
de Souza Vieira et al. Methodology for Threat Detection and Prevention Integrating Cyber Threat Intelligence and SIEM
Vanamala Machine Learning Based Approach to Recommend Attack Patterns for Software Requirements Specifications

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant