CN114189367A - Security log analysis system based on a knowledge graph - Google Patents

Security log analysis system based on a knowledge graph

Info

Publication number
CN114189367A
Authority
CN
China
Prior art keywords
log
safety
knowledge
security
knowledge graph
Legal status
Pending (as assumed by Google Patents; not a legal conclusion)
Application number
CN202111438539.1A
Other languages
Chinese (zh)
Inventor
俞研
吉港
狄芳
邓芳伟
付安民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Science and Technology
Original Assignee
Nanjing University of Science and Technology
Priority date
2021-11-30 (as assumed by Google Patents; not a legal conclusion)
Filing date
2021-11-30
Publication date
2022-03-15
Application CN202111438539.1A filed by Nanjing University of Science and Technology; published as CN114189367A; legal status: Pending

Classifications

    • H04L63/1425 Network architectures or protocols for network security; detecting or protecting against malicious traffic by monitoring network traffic; traffic logging, e.g. anomaly detection
    • G06F16/27 Information retrieval of structured data; replication, distribution or synchronisation of data between databases or within a distributed database system; distributed database system architectures
    • G06F16/288 Databases characterised by their database models; relational databases; entity relationship models
    • G06N5/025 Computing arrangements using knowledge-based models; knowledge representation; knowledge engineering and acquisition; extracting rules from data
    • H04L41/16 Maintenance, administration or management of data switching networks using machine learning or artificial intelligence
    • H04L63/20 Network architectures or protocols for network security; managing network security; network security policies in general


Abstract

The invention discloses a security log analysis system based on a knowledge graph. It comprises a security log data acquisition module, a security log knowledge graph construction module and a knowledge-graph-based security log analysis module. The security log data acquisition module acquires the security logs generated by network security devices and caches and filters them. The security log knowledge graph construction module analyzes and processes various types of data sources in a bottom-up, iteratively updated manner, building an ontology through knowledge extraction, knowledge fusion and knowledge processing to form a security log knowledge graph. The knowledge-graph-based security log analysis module performs comprehensive analysis and security log correlation analysis on diverse security event information according to the security log knowledge graph. The invention combines knowledge graph technology with security log correlation analysis: it applies flow control and filtering to the collected security logs, combines the security log data with network security data to construct the knowledge graph, and uses knowledge reasoning to mine the associations between security log entities and other data, so that the logical relationships among the data are shown more intuitively.

Description

Security log analysis system based on a knowledge graph
Technical Field
The invention belongs to the field of cyberspace security, and in particular relates to a security log analysis system based on a knowledge graph.
Background
With the rapid development of the Internet, many network security devices, such as intrusion detection systems, antivirus software and network firewalls, are widely deployed to prevent network attacks. These systems can raise alarms for most network security threats, monitor the operating state of the network and suppress attack behaviour to a certain extent. However, as the number of attacks grows rapidly, these security devices generate massive volumes of log data every day, which greatly reduces the efficiency of network security management. It becomes difficult to collect and manage such large-scale heterogeneous security logs in a unified way, and for an abnormal log record the related records that may also be abnormal cannot be viewed.
Conventional analysis techniques have difficulty meeting the requirements of such large-scale log data. Most traditional log analysis techniques are based on regular-expression rules or empirically derived features, so they have difficulty handling unknown attack methods and suffer from a high false alarm rate. Even where some traditional detection algorithms achieve a good detection effect, they lack adaptability and flexibility. It is very difficult to discover deeper attack intentions and attack behaviour from low-level, isolated security alarm logs alone, and hard to mine the correlations between the data.
Disclosure of Invention
The invention aims to provide a security log analysis system based on a knowledge graph that addresses the problems in the prior art.
The technical solution that realizes the purpose of the invention is as follows. A security log analysis system based on a knowledge graph comprises a security log data acquisition module, a security log knowledge graph construction module and a knowledge-graph-based security log analysis module;
the security log data acquisition module is used for acquiring the security logs generated by network security devices and, after caching and filtering, sending them to the security log knowledge graph construction module;
the security log knowledge graph construction module is used for analyzing and processing various data sources in a bottom-up, iteratively updated manner, building an ontology through knowledge extraction, knowledge fusion and knowledge processing, forming a security log knowledge graph, and providing it to the knowledge-graph-based security log analysis module for correlation analysis;
the knowledge-graph-based security log analysis module is used for performing comprehensive analysis and security log correlation analysis on diverse security event information according to the security log knowledge graph.
Preferably, the network security devices comprise an intrusion detection system (IDS), antivirus software and a network firewall.
Preferably, the process by which the security log data acquisition module collects the target security log data includes:
deploying log collection tools on every service whose security logs need to be collected; the tools monitor and filter the collected security logs and send them to a Redis message queue for caching;
setting a reasonable flow-limiting threshold; a log collection tool monitors Redis, filters the cached logs and writes the filtered logs into a distributed full-text search engine, an Elasticsearch cluster, for storage; and a data analysis and visualization platform reads and visualizes the stored logs.
Preferably, the log collection tools comprise the lightweight log shipper Filebeat and the log collection and processing framework Logstash, which has a filter function; the monitoring of Redis is performed by a Logstash indexer; the data analysis and visualization platform is Kibana.
Preferably, the security log data acquisition module is further configured to divide the security logs collected into the Elasticsearch cluster into unstructured logs, semi-structured logs and structured logs according to the data form of each log.
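The collection stage above is the usual Filebeat to Redis to Logstash to Elasticsearch to Kibana arrangement. The Python script below is added here as an illustration; it is not code from the patent or from any Elastic product. It models that stage on constructed log lines: a shipper-side drop filter, a queue that absorbs the burst (an in-memory deque standing in for the Redis list), an indexer that never pulls more than a flow-limiting threshold of records per cycle, and the structured / semi-structured / unstructured classification of the last paragraph. The sample lines, their field names, the DEBUG drop rule and the threshold value are assumptions.

```python
import json
import re
from collections import deque

# Constructed sample security logs (not taken from the patent): a JSON IDS alert, two
# key=value firewall lines, a free-text antivirus line and one line of shipper noise.
SAMPLE_LOGS = [
    '{"ts":"2021-11-30T10:00:01Z","src_ip":"10.0.0.5","dst_ip":"10.0.0.9","dst_port":445,"sig":"ET EXPLOIT SMB"}',
    'ts=2021-11-30T10:00:02Z action=deny src=10.0.0.5 dst=10.0.0.9 dport=3389 proto=tcp',
    '2021-11-30 10:00:03 AV: Trojan.Generic detected on host ws-17, file C:\\tmp\\a.exe quarantined',
    'ts=2021-11-30T10:00:04Z action=allow src=10.0.0.7 dst=10.0.0.9 dport=443 proto=tcp',
    'DEBUG heartbeat ok',
]

KV_RE = re.compile(r'^(?:\w+=\S+\s*)+$')   # the whole line consists of key=value pairs


def classify(line):
    """Divide a log into structured / semi-structured / unstructured by its data form."""
    try:
        if isinstance(json.loads(line), dict):
            return "structured"
    except ValueError:
        pass
    if KV_RE.match(line.strip()):
        return "semi-structured"
    return "unstructured"


def parse(line):
    """Logstash-style filter: turn one line into the document that will be indexed."""
    form = classify(line)
    doc = {"message": line, "form": form}
    if form == "structured":
        doc.update(json.loads(line))
    elif form == "semi-structured":
        doc.update(kv.split("=", 1) for kv in line.split())
    return doc


def shipper_filter(line):
    """Filebeat-side filter (assumption: lines starting with DEBUG are not security events)."""
    return not line.startswith("DEBUG")


def run_pipeline(lines, flow_limit=2):
    """Shipper -> queue (deque standing in for the Redis list) -> rate-limited indexer -> index.

    Returns the documents that reached the index and the number of indexer cycles needed:
    the queue absorbs the burst, the indexer never takes more than flow_limit per cycle."""
    queue = deque()
    for line in lines:
        if shipper_filter(line):
            queue.append(line)                        # LPUSH in Redis terms
    index, cycles = [], 0
    while queue:
        cycles += 1
        for _ in range(min(flow_limit, len(queue))):
            index.append(parse(queue.popleft()))      # RPOP, filter, index
    return index, cycles


if __name__ == "__main__":
    docs, cycles = run_pipeline(SAMPLE_LOGS)
    for d in docs:
        print(d["form"], "->", {k: v for k, v in d.items() if k != "message"})
    print("indexer cycles:", cycles)
```

The point the model makes is that the flow-limiting threshold belongs on the consumer, not the producer: Redis absorbs the burst and the Logstash indexer drains it at a bounded rate. The patent says nothing about protecting the queue or the cluster; since both hold raw security logs, a real deployment must not leave the Redis instance or the Elasticsearch cluster reachable without authentication.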
Preferably, the specific process by which the security log knowledge graph construction module constructs the security log knowledge graph is as follows:
knowledge extraction is performed on the security log data collected by the security log data acquisition module, specifically: entity extraction identifies the security log entities, relation extraction constructs the relationships between those entities, and the two are integrated into security log knowledge;
through knowledge fusion, an ontology is constructed for the structured fields parsed from the multi-source security log data, different descriptions that represent the same entity or entity pair are merged, and the security log knowledge graph is constructed;
semi-automatic knowledge verification is performed on the security log knowledge after knowledge fusion;
the security log ontology data and the security log knowledge graph data are stored persistently in a graph database, and the security log knowledge graph is updated with the verified knowledge.
Preferably, the security log knowledge graph construction module queries the security log data of the security log data acquisition module over an HTTP connection through the Elasticsearch client component RestHighLevelClient.
Preferably, the security log knowledge graph construction module stores the nodes of the security log knowledge graph and the associations between the nodes persistently in the graph database Neo4j.
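The following Python script is an added example, not the patent's code, that carries the construction steps above (extraction, fusion, semi-automatic verification) and the Neo4j persistence through on constructed Elasticsearch-style documents. It extracts Host, Signature and Malware entities and the relations between them, fuses duplicate descriptions of one entity (a hostname and its IP address, case variants of one rule name), holds doubtful facts back for an analyst instead of silently dropping them, and emits idempotent Cypher MERGE statements. The documents are embedded inline rather than fetched with RestHighLevelClient, which is Elasticsearch's Java client; the field names, the asset inventory, the relation names and the verification rules are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed documents shaped like what the acquisition module would leave in Elasticsearch
# (assumed field names; the patent fixes no schema). Doc 4 repeats doc 1 with a differently
# cased signature, doc 5 carries a malformed source address.
DOCS = [
    {"source": "ids", "src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "dst_port": 445, "sig": "ET EXPLOIT SMB"},
    {"source": "fw", "action": "deny", "src": "10.0.0.5", "dst": "10.0.0.9", "dport": "3389"},
    {"source": "av", "message": "Trojan.Generic detected on host ws-17, file C:\\tmp\\a.exe quarantined"},
    {"source": "ids", "src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "dst_port": 445, "sig": "et exploit smb"},
    {"source": "fw", "action": "deny", "src": "999.1.1.1", "dst": "10.0.0.9", "dport": "22"},
]
ASSETS = {"ws-17": "10.0.0.9"}   # constructed asset inventory used by fusion (hostname -> IP)
AV_RE = re.compile(r"(?P<malware>[\w.]+) detected on host (?P<host>[\w-]+)")


@dataclass
class Graph:
    nodes: dict = field(default_factory=dict)   # (label, name) -> properties
    edges: set = field(default_factory=set)     # (head, relation, tail, sorted property tuple)
    review: list = field(default_factory=list)  # facts held back for analyst review


def extract(doc):
    """Knowledge extraction: yield (head, relation, tail, properties) triples from one document."""
    if doc["source"] == "ids":
        yield ("Host", doc["src_ip"]), "ATTACKED", ("Host", doc["dst_ip"]), {"port": int(doc["dst_port"])}
        yield ("Host", doc["src_ip"]), "TRIGGERED", ("Signature", doc["sig"]), {}
    elif doc["source"] == "fw":
        yield ("Host", doc["src"]), doc["action"].upper(), ("Host", doc["dst"]), {"port": int(doc["dport"])}
    elif doc["source"] == "av":
        m = AV_RE.search(doc["message"])
        if m:
            yield ("Host", m["host"]), "INFECTED_WITH", ("Malware", m["malware"]), {}


def fuse(label, name):
    """Knowledge fusion: map different descriptions of one entity onto a single canonical entity."""
    if label == "Host":
        return ("Host", ASSETS.get(name, name))   # hostname and IP of one asset become one node
    if label == "Signature":
        return ("Signature", name.upper())        # case variants of one rule name become one node
    return (label, name)


def verify(entity, props):
    """Semi-automatic verification: return a reason string if the fact needs review, else None."""
    label, name = entity
    if label == "Host":
        try:
            ipaddress.ip_address(name)
        except ValueError:
            return f"{name!r} is not an IP address after fusion"
    if "port" in props and not 0 < props["port"] < 65536:
        return f"port {props['port']} out of range"
    return None


def build_graph(docs):
    """Extract, fuse and verify every triple; verified facts enter the graph, the rest wait for review."""
    g = Graph()
    for doc in docs:
        for head, rel, tail, props in extract(doc):
            head, tail = fuse(*head), fuse(*tail)
            problem = verify(head, props) or verify(tail, props)
            if problem:
                g.review.append((head, rel, tail, problem))
                continue
            g.nodes.setdefault(head, {"name": head[1]})
            g.nodes.setdefault(tail, {"name": tail[1]})
            g.edges.add((head, rel, tail, tuple(sorted(props.items()))))
    return g


def to_cypher(g):
    """Persistence: idempotent MERGE statements for Neo4j, to be sent with any Neo4j client."""
    stmts = [f"MERGE (:{label} {{name: {name!r}}})" for label, name in g.nodes]
    for (la, na), rel, (lb, nb), props in sorted(g.edges):
        pstr = " {" + ", ".join(f"{k}: {v!r}" for k, v in props) + "}" if props else ""
        stmts.append(f"MATCH (a:{la} {{name: {na!r}}}), (b:{lb} {{name: {nb!r}}}) "
                     f"MERGE (a)-[:{rel}{pstr}]->(b)")
    return stmts


if __name__ == "__main__":
    graph = build_graph(DOCS)
    print("\n".join(to_cypher(graph)))
    for fact in graph.review:
        print("REVIEW:", fact)
```

MERGE rather than CREATE is what makes the bottom-up iterative update safe: re-running the construction over documents already seen adds no duplicate nodes or relationships.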
Preferably, in the knowledge-graph-based security log analysis module the security log knowledge graph displays its knowledge visually in the form of a property graph (attribute graph), so that retrieval of knowledge related to the security logs is supported.
Preferably, the knowledge-graph-based security log analysis module adopts a knowledge-graph-driven network security log analysis model and uses rule-based and statistics-based analysis methods to analyze the security logs and security events comprehensively.
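The analysis model is described only in outline. The Python script below is an added example, not the patent's code, that runs rule-based and statistics-based checks over a constructed set of property-graph triples of the kind the construction module would store in Neo4j: a rule that chains an IDS signature, an attack edge and a later infection of the victim into one incident, a rule that reports a source denied on many distinct ports of one destination, and a z-score over per-source deny counts that flags a source far above the population. The relation names, thresholds and sample triples are assumptions.

```python
import statistics
from collections import defaultdict

# Constructed knowledge-graph triples (head, relation, tail, properties). In the patent's
# system they would be read back from the Neo4j property graph; here they are inline:
# one attack chain, twelve denied connections from one source, ten background denies.
EDGES = (
    [("10.0.0.5", "TRIGGERED", "ET EXPLOIT SMB", {}),
     ("10.0.0.5", "ATTACKED", "10.0.0.9", {"port": 445}),
     ("10.0.0.9", "INFECTED_WITH", "Trojan.Generic", {})]
    + [("10.0.0.5", "DENY", "10.0.0.9", {"port": p}) for p in range(3380, 3392)]
    + [(f"10.0.1.{i}", "DENY", "10.0.0.9", {"port": 80}) for i in range(1, 11)]
)


def adjacency(edges):
    """Index edges by (head, relation) so that a rule becomes a chain of dictionary lookups."""
    adj = defaultdict(list)
    for head, rel, tail, props in edges:
        adj[(head, rel)].append((tail, props))
    return dict(adj)


def rule_attack_chain(adj):
    """Rule: a host that triggered an IDS signature attacked a victim that then shows malware."""
    findings = []
    for (attacker, rel), targets in adj.items():
        if rel != "ATTACKED":
            continue
        signatures = [sig for sig, _ in adj.get((attacker, "TRIGGERED"), [])]
        for victim, props in targets:
            for malware, _ in adj.get((victim, "INFECTED_WITH"), []):
                findings.append({"attacker": attacker, "signatures": signatures, "victim": victim,
                                 "port": props["port"], "malware": malware})
    return findings


def rule_port_scan(adj, min_ports=10):
    """Rule: one source denied on at least min_ports distinct ports of the same destination."""
    findings = []
    for (source, rel), targets in adj.items():
        if rel != "DENY":
            continue
        ports_by_dst = defaultdict(set)
        for dst, props in targets:
            ports_by_dst[dst].add(props["port"])
        for dst, ports in ports_by_dst.items():
            if len(ports) >= min_ports:
                findings.append({"source": source, "target": dst, "distinct_ports": len(ports)})
    return findings


def stat_outliers(edges, rel="DENY", z_threshold=2.0):
    """Statistics: z-score of per-source event counts; report sources far above the population."""
    counts = defaultdict(int)
    for head, r, _, _ in edges:
        if r == rel:
            counts[head] += 1
    values = list(counts.values())
    if len(values) < 2:
        return []
    mean, sd = statistics.fmean(values), statistics.pstdev(values)
    if sd == 0:
        return []
    return sorted((src, round((n - mean) / sd, 2)) for src, n in counts.items()
                  if (n - mean) / sd > z_threshold)


def analyze(edges):
    """Run the rule-based and the statistics-based checks and return all findings together."""
    adj = adjacency(edges)
    return {"attack_chains": rule_attack_chain(adj),
            "port_scans": rule_port_scan(adj),
            "statistical_outliers": stat_outliers(edges)}


if __name__ == "__main__":
    for kind, findings in analyze(EDGES).items():
        print(kind, findings)
```

The rule checks are exact graph patterns and give no false positives on their own terms; the z-score depends on the population of sources, so it should be computed per time window and re-baselined when the population changes.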
Compared with the prior art, the invention has the following notable advantages: 1) the collected log files are cached in Redis used as a message queue, which realizes flow control; together with the real-time ELK log analysis platform this resolves the throughput bottleneck in high-concurrency scenarios and improves real-time, distributed, multi-source log collection and the processing capability of the system; 2) based on knowledge graph technology, the invention adopts a bottom-up, iteratively updated knowledge graph construction method and condenses massive data into knowledge through knowledge extraction, knowledge fusion and knowledge processing, so that log resources are easier to analyze and understand; the deep correlations of the security logs are mined to form a knowledge graph, which gives a better visualization of the results.
The present invention is described in further detail below with reference to the attached drawing figures.
Drawings
FIG. 1 is a process flow diagram of a security log analysis system based on a knowledge-graph.
FIG. 2 is a schematic diagram of a security log analysis system based on a knowledge-graph.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
As shown in FIG. 2, the invention provides a security log analysis system based on a knowledge graph, comprising a security log data acquisition module, a security log knowledge graph construction module and a knowledge-graph-based security log analysis module:
(1) Security log data acquisition module
The security log data acquisition module is deployed on the services whose security logs need to be collected; while monitoring operation, the network security devices generate a large amount of security log information that reflects network security behaviour. A security log is the record kept by a security device of sensitive behaviour observed while monitoring networks, computers and the like; in a large network the volume of security logs output by an intrusion detection system is huge. By the way the logs are collected, collection falls into two main categories: real-time collection and offline collection. The main functions of the log acquisition module are to collect structured, semi-structured and unstructured alarm logs from the network security devices in real time, to filter and parse the security logs, and to provide persistent, searchable storage and visual analysis and display of the security logs.
(2) Security log knowledge graph construction module
The security log knowledge graph construction module constructs a security log knowledge graph by mining the useful information in the unstructured security log data collected by the security log data acquisition module. It analyzes and processes the multi-source heterogeneous security logs to perform knowledge extraction on them, and acquires various kinds of network security data, such as the structured data of public security vulnerability databases and unstructured vulnerability descriptions, for data integration. Errors and redundancies that may exist in the results of knowledge extraction are eliminated through knowledge fusion, which improves the logical consistency and hierarchy of the data. Then, through knowledge processing, an ontology is constructed for the structured fields parsed from the multi-source security log data, different descriptions representing the same entity or entity pair are merged, the quality of the knowledge is evaluated by an automatic knowledge verification method, and the security log knowledge graph is constructed. The security log ontology data and the security log knowledge graph data are stored persistently in a database, and the security log knowledge in the graph is queried and updated with new knowledge after quality evaluation.
(3) Knowledge-graph-based security log analysis module
The knowledge-graph-based security log analysis module mainly uses the security log knowledge graph built by the security log knowledge graph construction module to analyze the security logs. It performs correlation analysis according to the entities of the log data represented in the knowledge graph and the relations between them, and visualizes the results. A knowledge-graph-driven network security log analysis model is built to analyze the attacks and threats hidden in the network security logs, which strengthens network security analysis in terms of vulnerabilities, threats and the like and improves the capability for active network defense.
The invention uses a message queue combined with ELK to remedy the deficiencies in the transmission and processing capability of the system, and, by constructing a security log knowledge graph and using knowledge reasoning in the log analysis, makes the security log entities and the relationships between them visually understandable.
Examples
This embodiment uses the system of the invention to implement knowledge graph analysis of security log data, as shown in FIG. 1. The security log knowledge graph analysis process is as follows:
First, the security log data acquisition module acquires the security logs in which the network security devices warn of network attack behaviour, and achieves distributed storage of the security logs through caching in the message queue and filtering and parsing by Logstash.
Second, the security log knowledge graph construction module queries the security log data of the security log data acquisition module over an HTTP connection through the Elasticsearch client component RestHighLevelClient.
Third, the security log knowledge graph construction module performs the knowledge graph construction operation on the received security log data:
knowledge extraction is performed on the security log data collected by the security log data acquisition module: entity extraction identifies the security log entities in the data, relation extraction constructs the relationships between those entities, and the results are integrated into security log knowledge;
errors and redundancies that may exist in the results of knowledge extraction are eliminated through knowledge fusion, improving the logical consistency and hierarchy of the data;
then, through knowledge processing, an ontology is constructed for the structured fields parsed from the multi-source security log data, different descriptions representing the same entity or entity pair are merged, the quality of the knowledge is evaluated by an automatic knowledge verification method, and the security log knowledge graph is constructed;
finally, the security log ontology data and the security log knowledge graph data are stored persistently in a database, and the security log knowledge in the graph is queried and updated with new knowledge after quality evaluation.
Fourth, the knowledge-graph-based security log analysis module displays the knowledge of the security log knowledge graph visually in the form of a property graph and supports retrieval of knowledge related to the security logs. It analyzes the security logs and security events by correlation, using a knowledge-graph-driven network security log analysis model together with rule-based and statistics-based analysis methods.
The foregoing illustrates and describes the principles, general features, and advantages of the present invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (10)

1. A security log analysis system based on a knowledge graph, characterized by comprising a security log data acquisition module, a security log knowledge graph construction module and a knowledge-graph-based security log analysis module;
the security log data acquisition module is used for acquiring the security logs generated by network security devices and, after caching and filtering, sending them to the security log knowledge graph construction module;
the security log knowledge graph construction module is used for analyzing and processing various data sources in a bottom-up, iteratively updated manner, building an ontology through knowledge extraction, knowledge fusion and knowledge processing, forming a security log knowledge graph, and providing it to the knowledge-graph-based security log analysis module for correlation analysis;
the knowledge-graph-based security log analysis module is used for performing comprehensive analysis and security log correlation analysis on diverse security event information according to the security log knowledge graph.
2. The knowledge-graph-based security log analysis system of claim 1, wherein the network security devices comprise an intrusion detection system (IDS), antivirus software and a network firewall.
3. The knowledge-graph-based security log analysis system of claim 2, wherein the process by which the security log data acquisition module collects the target security log data comprises:
deploying log collection tools on every service whose security logs need to be collected; the tools monitor and filter the collected security logs and send them to a Redis message queue for caching;
setting a reasonable flow-limiting threshold; a log collection tool monitors Redis, filters the cached logs and writes the filtered logs into a distributed full-text search engine, an Elasticsearch cluster, for storage;
and a data analysis and visualization platform reads and visualizes the stored logs.
4. The knowledge-graph-based security log analysis system of claim 3, wherein the log collection tools comprise the lightweight log shipper Filebeat and the log collection and processing framework Logstash, which has a filter function; the monitoring of Redis is performed by a Logstash indexer; the data analysis and visualization platform is Kibana.
5. The knowledge-graph-based security log analysis system of claim 3, wherein the security log data acquisition module is further configured to divide the security logs collected into the Elasticsearch cluster into unstructured logs, semi-structured logs and structured logs according to the data form of each log.
6. The knowledge-graph-based security log analysis system of claim 1, wherein the specific process by which the security log knowledge graph construction module constructs the security log knowledge graph is as follows:
knowledge extraction is performed on the security log data collected by the security log data acquisition module, specifically: entity extraction identifies the security log entities, relation extraction constructs the relationships between those entities, and the two are integrated into security log knowledge;
through knowledge fusion, an ontology is constructed for the structured fields parsed from the multi-source security log data, different descriptions that represent the same entity or entity pair are merged, and the security log knowledge graph is constructed;
semi-automatic knowledge verification is performed on the security log knowledge after knowledge fusion;
the security log ontology data and the security log knowledge graph data are stored persistently in a graph database, and the security log knowledge graph is updated with the verified knowledge.
7. The knowledge-graph-based security log analysis system of claim 6, wherein the security log knowledge graph construction module queries the security log data of the security log data acquisition module over an HTTP connection through the Elasticsearch client component RestHighLevelClient.
8. The knowledge-graph-based security log analysis system of claim 6, wherein the security log knowledge graph construction module stores the nodes of the security log knowledge graph and the associations between the nodes persistently in the graph database Neo4j.
9. The knowledge-graph-based security log analysis system of claim 1, wherein in the knowledge-graph-based security log analysis module the security log knowledge graph displays its knowledge visually in the form of a property graph, and supports retrieval of knowledge related to the security logs.
10. The knowledge-graph-based security log analysis system of claim 1, wherein the security log analysis module analyzes the security logs and the security events comprehensively using a knowledge-graph-driven network security log analysis model with rule-based and statistics-based analysis methods.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111438539.1A 2021-11-30 2021-11-30 Security log analysis system based on a knowledge graph

Publications (1)

Publication Number Publication Date
CN114189367A (en) 2022-03-15

Family

ID=80602937

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111438539.1A Pending CN114189367A (en) 2021-11-30 2021-11-30 Security log analysis system based on a knowledge graph

Country Status (1)

Country Link
CN (1) CN114189367A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017166644A1 (en) * 2016-03-31 2017-10-05 Leshi Holdings (Beijing) Co., Ltd. (乐视控股(北京)有限公司) Data acquisition method and system
CN107368468A (en) * 2017-06-06 2017-11-21 Guangdong Guangye Kaiyuan Technology Co., Ltd. (广东广业开元科技有限公司) Method and system for generating an operations and maintenance knowledge graph
CN109005069A (en) * 2018-08-29 2018-12-14 National University of Defense Technology (中国人民解放军国防科技大学) Network security knowledge graph association analysis method based on a space-ground integrated network
CN109376532A (en) * 2018-10-31 2019-02-22 Yunnan Power Grid Co., Ltd. (云南电网有限责任公司) Power network security monitoring method and system based on ELK log collection analysis
CN111104302A (en) * 2019-12-06 2020-05-05 Unicloud (Nanjing) Digital Technology Co., Ltd. (紫光云(南京)数字技术有限公司) Improved ELK log analysis method for cluster systems
CN112579707A (en) * 2020-12-08 2021-03-30 Xi'an University of Posts and Telecommunications (西安邮电大学) Log data knowledge graph construction method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
吉港: "Research on security log analysis technology based on ELK" (基于ELK的安全日志分析技术研究), Master's thesis, Master's Electronic Journal (硕士电子期刊), 30 September 2023 (2023-09-30) *
董聪; 姜波; 卢志刚; 刘宝旭; 李宁; 马平川; 姜政伟; 刘俊荣: "A survey of knowledge graphs for cyberspace security intelligence" (面向网络空间安全情报的知识图谱综述), Journal of Cyber Security (信息安全学报), no. 05, 15 September 2020 (2020-09-15) *
陶源: "Research on a knowledge-graph-driven log audit analysis model for classified protection of cybersecurity" (基于知识图谱驱动的网络安全等级保护日志审计分析模型研究), Netinfo Security (信息网络安全), 10 January 2020 (2020-01-10), pages 1 - 6 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116319074A (en) * 2023-05-12 2023-06-23 Beijing ABT Networks Co., Ltd. (北京安博通科技股份有限公司) Method and device for detecting compromised devices based on multi-source logs, and electronic device
CN116319074B (en) * 2023-05-12 2023-08-15 Beijing ABT Networks Co., Ltd. (北京安博通科技股份有限公司) Method and device for detecting compromised devices based on multi-source logs, and electronic device
CN117033334A (en) * 2023-10-08 2023-11-10 Jilin Expressway Group Co., Ltd. (吉林省高速公路集团有限公司) Expressway toll lane log acquisition and processing method and system
CN117033334B (en) * 2023-10-08 2023-12-22 Jilin Expressway Group Co., Ltd. (吉林省高速公路集团有限公司) Expressway toll lane log acquisition and processing method and system

Similar Documents

Publication Publication Date Title
EP3528463B1 (en) An artificial intelligence cyber security analyst
US10885393B1 (en) Scalable incident-response and forensics toolkit
CN101399658B (en) Safe log analyzing method and system
US10915626B2 (en) Graph model for alert interpretation in enterprise security system
CN114189367A (en) Security log analysis system based on a knowledge graph
US9961047B2 (en) Network security management
CN116662989B (en) Security data analysis method and system
CN115134250B (en) Network attack tracing evidence obtaining method
CN113938401A (en) Naval vessel network security visualization system
Jaaz et al. Database techniques for resilient network monitoring and inspection
Fatemi et al. Threat hunting in windows using big security log data
Skendžić et al. Management and monitoring security events in a business organization-siem system
Hwoij et al. SIEM architecture for the Internet of Things and smart city
CN115795330A (en) Medical information anomaly detection method and system based on AI algorithm
Jin et al. An adaptive analysis framework for correlating cyber-security-related data
CN110912753A (en) Cloud security event real-time detection system and method based on machine learning
Wasniowski Multi-sensor agent-based intrusion detection system
Liao et al. Research on network intrusion detection method based on deep learning algorithm
CN112910842B (en) Network attack event evidence obtaining method and device based on flow reduction
CN113572781A (en) Method for collecting network security threat information
Kong et al. Research on situation analysis technology of network security incidents
Kawakani et al. Discovering attackers past behavior to generate online hyper-alerts
Hingane et al. Intrusion detection techniques: A review
Wu et al. Meta-analysis of network information security and Web data mining techniques
Riyad et al. A Quality Framework to Improve IDS Performance Through Alert Post-Processing.

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination