CN105681274A - Method and apparatus for processing original alarm information - Google Patents
Method and apparatus for processing original alarm information
- Publication number
- CN105681274A (application number CN201510958909.2A)
- Authority
- CN
- China
- Prior art keywords
- attack
- source
- alarm information
- state machine
- original alarm
- Prior art date
- Legal status
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Alarm Systems (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510958909.2A CN105681274B (zh) | 2015-12-18 | 2015-12-18 | Method and apparatus for processing original alarm information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510958909.2A CN105681274B (zh) | 2015-12-18 | 2015-12-18 | Method and apparatus for processing original alarm information |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105681274A true CN105681274A (zh) | 2016-06-15 |
CN105681274B CN105681274B (zh) | 2019-02-01 |
Family
ID=56189597
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510958909.2A Active CN105681274B (zh) | 2015-12-18 | 2015-12-18 | Method and apparatus for processing original alarm information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105681274B (zh) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050108393A1 (en) * | 2003-10-31 | 2005-05-19 | International Business Machines Corporation | Host-based network intrusion detection systems |
CN101034974A (zh) * | 2007-03-29 | 2007-09-12 | 北京启明星辰信息技术有限公司 | Correlation analysis attack detection method and apparatus based on time series and event series |
CN101076013A (zh) * | 2006-05-19 | 2007-11-21 | 上海三零卫士信息安全有限公司 | Intelligent network data drift guidance system and data drift guidance method thereof |
CN101242278A (zh) * | 2008-02-18 | 2008-08-13 | 华中科技大学 | Online identification method for network multi-step attack intent |
CN101272286A (zh) * | 2008-05-15 | 2008-09-24 | 上海交通大学 | Network intrusion event correlation detection method |
CN101697545A (zh) * | 2009-10-29 | 2010-04-21 | 成都市华为赛门铁克科技有限公司 | Security event correlation method, apparatus and network server |
Events timeline
- 2015-12-18: CN application CN201510958909.2A filed, granted as CN105681274B (zh), status: active
Non-Patent Citations (1)
Title |
---|
王玉刚: "Research and implementation of an expert system for parsing firewall rules", China Excellent Master's and Doctoral Dissertations Full-text Database (Master's), Information Science and Technology series * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111294233A (zh) * | 2018-12-11 | 2020-06-16 | 国网信息通信产业集团有限公司 | Network alarm statistical analysis method, system and computer-readable storage medium |
CN110362536A (zh) * | 2019-07-15 | 2019-10-22 | 北京工业大学 | Log ciphertext retrieval method based on alarm correlation |
CN110809010A (zh) * | 2020-01-08 | 2020-02-18 | 浙江乾冠信息安全研究院有限公司 | Threat information processing method, apparatus, electronic device and medium |
CN112131249A (zh) * | 2020-09-28 | 2020-12-25 | 绿盟科技集团股份有限公司 | Attack intent identification method and apparatus |
CN112887310A (zh) * | 2021-01-27 | 2021-06-01 | 华南理工大学 | Method, device and medium for improving the efficiency of network attack risk assessment |
CN112887310B (zh) * | 2021-01-27 | 2022-09-20 | 华南理工大学 | Method, device and medium for improving the efficiency of network attack risk assessment |
CN113489680A (zh) * | 2021-06-07 | 2021-10-08 | 广发银行股份有限公司 | Network attack threat level assessment model, assessment method, terminal and medium |
CN113489680B (zh) * | 2021-06-07 | 2023-10-24 | 广发银行股份有限公司 | Network attack threat level assessment model, assessment method, terminal and medium |
Also Published As
Publication number | Publication date |
---|---|
CN105681274B (zh) | 2019-02-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105681274A (zh) | | Method and apparatus for processing original alarm information |
KR102210627B1 (ko) | | Method, apparatus and system for detecting malicious process behavior |
CN112819336B (zh) | | Quantification method and system based on network threats to power monitoring systems |
CN104811447A (zh) | | Security detection method and system based on attack correlation |
US20170061126A1 (en) | | Process Launch, Monitoring and Execution Control |
CN109376537B (zh) | | Asset scoring method and system based on multi-factor fusion |
CN105939311A (zh) | | Method and apparatus for determining network attack behavior |
CN111181918B (zh) | | TTP-based high-risk asset discovery and network attack tracing method |
JP2016152594A (ja) | | Network attack monitoring device, network attack monitoring method, and program |
CN108200095B (zh) | | Method and apparatus for determining Internet boundary security policy vulnerability |
CN114143064B (zh) | | Method and apparatus for tracing and automatically handling multi-source network security alarm events |
CN112953917B (zh) | | Network attack source identification method, apparatus, computer device and storage medium |
CN101771582A (zh) | | State-machine-based security monitoring correlation analysis method |
KR101692982B1 (ko) | | Automated risk detection and access control system based on log analysis and automatic feature learning |
CN116842531B (zh) | | Code-vaccine-based real-time vulnerability verification method, apparatus, device and medium |
CN112131571B (zh) | | Threat tracing method and related device |
CN116094817A (zh) | | Network security detection system and method |
CN114124587B (zh) | | Attack chain processing method, system and electronic device |
CN114050937B (zh) | | Method, apparatus, electronic device and storage medium for handling mailbox service unavailability |
CN112615848B (zh) | | Vulnerability repair status detection method and system |
CN112153062B (zh) | | Multi-dimensional suspicious terminal device detection method and system |
CN111885088A (zh) | | Blockchain-based log monitoring method and apparatus |
US20230018096A1 (en) | | Analysis apparatus, analysis method, and non-transitory computer readable medium storing analysis program |
CN116127453A (zh) | | APT attack detection method, system, apparatus, medium and device |
CN112751863A (zh) | | Attack behavior analysis method and apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |
 | TR01 | Transfer of patent right | Effective date of registration: 20200313. Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building. Co-patentee after: NSFOCUS TECHNOLOGIES Inc. Patentee after: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd. Co-patentee after: Shenzhou Lvmeng Chengdu Technology Co.,Ltd. Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building. Co-patentee before: NSFOCUS TECHNOLOGIES Inc. Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd. |
 | CP01 | Change in the name or title of a patent holder | Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building. Co-patentee after: NSFOCUS TECHNOLOGIES Inc. Patentee after: NSFOCUS Technologies Group Co.,Ltd. Co-patentee after: Shenzhou Lvmeng Chengdu Technology Co.,Ltd. Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building. Co-patentee before: NSFOCUS TECHNOLOGIES Inc. Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd. Co-patentee before: Shenzhou Lvmeng Chengdu Technology Co.,Ltd. |