Publication number: US20230396633A1
Publication date: 2023-12-07
Application number: US18204906
Filing date: 2023-06-01
Applicant: Hangzhou Dbappsecurity Co., Ltd.
Inventor: Jiangchuan LI, Si LI, Haijun JIN, Lei WANG, Zhuoqun WU
IPC: H04L9/40
CPC classification number: H04L63/1416, H04L63/1425, H04L63/1441
Abstract: The present disclosure discloses a method and apparatus for detecting a security event, and a non-transitory computer-readable storage medium, and relates to the field of big data. The method includes: acquiring a time window, and acquiring log data, wherein the time window is a rolling window in a preset period; matching the log data with a security event model in each time window, so as to generate a matching result set in each time window, wherein the security event model is a model comprising a plurality of rule models for identifying whether the log data exhibits attack behavior; and generating security event data according to the matching result set, so as to restore an attack process according to the security event data.