Virtual network security management and control method based on multistage alarm and linkage defense

Bibliographic details
Main authors: ZHANG ZHENG, CAO WANTIAN, ZHOU CHENG, LI WEIWEI
Format: Patent
Language: chi ; eng
Description
Summary: The invention discloses a virtual network security control method based on multi-level alarm and linkage defense, and the method comprises the following steps: removing false alarms in original alarms according to attributes of the original alarms to obtain attack alarms; aggregating the attack alarms to obtain an aggregated alarm sequence; and based on the aggregated alarm sequence, obtaining an alarm association graph according to a Markov chain model and a frequent item set association rule. According to the method, firstly, false alarm removal and alarm aggregation preprocessing are carried out on alarms, so that redundant alarms are reduced, and the false alarm rate is reduced; and then correlation analysis is carried out on the alarms, the transition probability between the alarms is quantitatively and objectively calculated based on an alarm correlation method of a Markov chain and a frequent item set correlation rule, and logic correlation between alarm information is discovered, so an attack intentio