US 12,328,330 B1
Alarm data processing method, apparatus, medium and electronic device
Wei Zeng, Beijing (CN); Jing Wen, Beijing (CN); Ting Cai, Beijing (CN); Songyuan Guan, Beijing (CN); and Weichao Guo, Beijing (CN)
Assigned to BEIJING VOLCANO ENGINE TECHNOLOGY CO., LTD., Beijing (CN)
Filed by Beijing Volcano Engine Technology Co., Ltd., Beijing (CN)
Filed on Nov. 26, 2024, as Appl. No. 18/961,324.
Claims priority of application No. 202410195543.7 (CN), filed on Feb. 21, 2024.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) 18 Claims
OG exemplary drawing
 
1. An alarm data processing method, comprising:
obtaining a plurality of pieces of alarm data to be processed;
filtering out pieces of false alarm data and/or pieces of alarm data of a business scenario that is not concerned from the plurality of pieces of alarm data;
for each piece of alarm data of at least a portion of the plurality of pieces of alarm data obtained after filtering, extracting threat indicators from the piece of alarm data, wherein the extracting threat indicators from the piece of alarm data comprises:
extracting the threat indicators from the piece of alarm data by a machine learning-based classification model and a plurality of regular expression-based extraction models respectively, wherein the plurality of regular expression-based extraction models comprise an attack type-based regular expression expert model and at least one universal regular expression-based universal model; and
generating a threat indicator extraction result of the piece of alarm data according to a first extraction result of the classification model and a second extraction result of each of the extraction models; and
for each threat indicator of at least a portion of the threat indicators that are extracted, performing data correlation analysis on the threat indicator to correlate pieces of historical data related to the threat indicator.
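The four claim elements above describe one pipeline: filter, extract with a classifier plus attack-type "expert" and "universal" regular-expression models, merge the two extraction results, and correlate the surviving indicators with history. The following is an added illustration of that pipeline in Python; it is not code from the patent, its inventors or the assignee. The alarms, the historical records, the labelled training tokens, the scanner allowlist and every regular expression are constructed for this example, and the "machine learning-based classification model" is stood in for by a tiny Bernoulli naive Bayes over token shape features. It also shows why the claim merges both paths: the toy classifier misses the file hash that the universal SHA-256 pattern catches, while only the classifier flags the dropped file name.

```python
import re
from collections import defaultdict
from math import log

# --- Constructed sample input (not real telemetry) ---------------------------
ALARMS = [
    {"id": 1, "scenario": "web", "attack_type": "sqli", "src": "203.0.113.7",
     "text": "SQLi attempt from 203.0.113.7 against /login?id=1' OR '1'='1 referer http://evil.example/x"},
    {"id": 2, "scenario": "endpoint", "attack_type": "malware", "src": "10.0.0.5",
     "text": "Process winword.exe dropped C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe "
             "sha256 " + "deadbeef" * 8 + " and connected to 198.51.100.23"},
    {"id": 3, "scenario": "printer", "attack_type": "dos", "src": "10.0.0.9",
     "text": "Print spooler queue full"},                                   # scenario not monitored
    {"id": 4, "scenario": "web", "attack_type": "sqli", "src": "192.0.2.200",
     "text": "SQLi attempt from 192.0.2.200 against /search?q=' OR '1'='1"},  # our own scanner
]
MONITORED_SCENARIOS = {"web", "endpoint"}
AUTHORISED_SCANNERS = {"192.0.2.200"}  # assumption: alarms raised by our own scanner are false alarms
HISTORY = [  # constructed historical records, one indicator per record
    {"ts": "2024-01-03", "indicator": "203.0.113.7", "note": "brute force on vpn"},
    {"ts": "2024-01-19", "indicator": "203.0.113.7", "note": "scanning web tier"},
    {"ts": "2024-02-02", "indicator": "deadbeef" * 8, "note": "blocked by AV on host-17"},
]

# --- Claim step 2: drop false alarms and alarms from scenarios we do not monitor
def filter_alarms(alarms):
    return [a for a in alarms
            if a["scenario"] in MONITORED_SCENARIOS and a["src"] not in AUTHORISED_SCANNERS]

# --- Regular-expression models (assumed, illustrative patterns) ---------------
EXPERT_MODELS = {  # attack-type-specific "expert" patterns, selected by the alarm's attack type
    "sqli": {"sqli_payload": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.I)},
    "malware": {"win_path": re.compile(r"[A-Za-z]:\\(?:[^\\\s]+\\)*[^\\\s]+")},
}
UNIVERSAL_MODELS = {  # "universal" patterns applied to every alarm regardless of attack type
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b"),
}

# --- Toy "machine learning-based" classifier: Bernoulli naive Bayes on token shape
def token_features(tok):
    return (
        "." in tok,                                          # dotted (hosts, IPs, file names)
        any(c.isdigit() for c in tok),                       # contains a digit
        "/" in tok,                                          # contains a slash (URLs, paths)
        len(tok) >= 16,                                      # long token
        re.fullmatch(r"[0-9a-f]{32,}", tok) is not None,     # long lowercase hex run
        tok.isalpha(),                                       # plain word
    )

TRAIN = [  # constructed labelled tokens; True = threat indicator
    ("203.0.113.7", True), ("http://evil.example/x", True), ("evil.example", True),
    ("0123456789abcdef" * 4, True), ("10.0.0.5", True), ("/tmp/payload.sh", True),
    ("attempt", False), ("against", False), ("referer", False), ("dropped", False),
    ("login", False), ("443", False), ("2024", False), ("id=1", False),
]

class BernoulliNB:
    """Laplace-smoothed Bernoulli naive Bayes over the boolean token features."""
    def __init__(self, samples):
        self.n = {True: 0, False: 0}
        self.counts = {True: [0] * 6, False: [0] * 6}
        for tok, label in samples:
            self.n[label] += 1
            for i, f in enumerate(token_features(tok)):
                self.counts[label][i] += int(f)

    def is_indicator(self, tok):
        total = self.n[True] + self.n[False]
        score = {}
        for label in (True, False):
            s = log(self.n[label] / total)
            for i, f in enumerate(token_features(tok)):
                p = (self.counts[label][i] + 1) / (self.n[label] + 2)
                s += log(p if f else 1 - p)
            score[label] = s
        return score[True] > score[False]

def classifier_extract(text, model):
    """First extraction result: whitespace tokens the classifier labels as indicators."""
    toks = (t.strip("\"'(),;:") for t in text.split())
    return {t for t in toks if t and model.is_indicator(t)}

# --- Claim step 3: run all models, then merge keeping which model found each indicator
def extract_indicators(alarm, clf):
    sources = defaultdict(set)
    for tok in classifier_extract(alarm["text"], clf):
        sources[tok].add("classifier")
    for name, pat in EXPERT_MODELS.get(alarm["attack_type"], {}).items():
        for m in pat.findall(alarm["text"]):
            sources[m].add("expert:" + name)
    for name, pat in UNIVERSAL_MODELS.items():
        for m in pat.findall(alarm["text"]):
            sources[m].add("universal:" + name)
    return dict(sources)

# --- Claim step 4: correlate each indicator with historical records ------------
def correlate(indicator, history):
    return [rec for rec in history if rec["indicator"] == indicator]

def process(alarms, history=HISTORY):
    """Whole pipeline: alarm id -> indicator -> {models that found it, matching history}."""
    clf = BernoulliNB(TRAIN)
    return {a["id"]: {ioc: {"models": sorted(srcs), "history": correlate(ioc, history)}
                      for ioc, srcs in extract_indicators(a, clf).items()}
            for a in filter_alarms(alarms)}

if __name__ == "__main__":
    for alarm_id, iocs in process(ALARMS).items():
        for ioc, info in iocs.items():
            print(alarm_id, repr(ioc), info["models"], f"{len(info['history'])} past hit(s)")
```

The `models` list is the merge policy made visible: an indicator reported by both a regex model and the classifier has independent corroboration, while a classifier-only hit (such as the dropped file name) or a regex-only hit (the SHA-256) is weaker evidence, and the historical hit count is what an analyst would use to decide which of those to pursue first.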