DaSanGuan Network Security Analysis

Overview

With the development of network information systems, security problems become more and more complicated. The DaSanGuan system builds network security analysis solutions through self-innovated graph association rules with embedded machine learning, an intelligent recommendation model that introduces logical conditions, enhanced graph computation, and a distributed graph computation architecture that supports localized graph algorithm centers. The scheme traces the source of network threats and abnormal traffic, performs in-depth mining and analysis, and provides analysis reports and forecast alarms, so as to ensure the safe and efficient operation of the business network, the support system and the entire information system.

Challenges

Lack of data fusion analysis capability across multiple security devices, which makes it difficult to discover advanced threats (new network attacks).
The accuracy of alarm validity determination is low because it relies too heavily on manual effort. Decisions produced by black-box machine learning lack interpretability and have limited accuracy.
The fused query of massive text data and network topology is slow, the system's real-time processing capability is poor, and responses are not timely.
Threat detection capability based on time series is insufficient: few predictive events are detected and the accuracy is low.

Architecture

Benefits

Supports data fusion analysis across a variety of network security devices (WAF, IPS, SIP, Tianyan, Tianqing, etc.), giving it a wide range of applicability and compatibility.
Based on the original REE theory combined with industry prior knowledge, it can automatically discover rules and field standards, replacing a large number of hand-written rules and improving efficiency. Graph association analysis with embedded machine learning addresses the problems of low automation, difficult association, lack of explainability, and low accuracy.
Based on a self-developed distributed graph storage and distributed graph computing framework, it can automatically map and efficiently mine rules over graphs with billions of vertices and edges, and enables fast log text retrieval and association.
A time-sequence-based graph algorithm finds the temporal characteristics of high-risk events and gives early warning.