Near-miss situation based visual analysis of SIEM rules for real time network security monitoring

Authors: Abdul Majeed, Raihan ur Rasool, Farooq Ahmad, Masoom Alam, Nadeem Javaid

DOI: 10.1007/S12652-018-0936-7

Keywords:

Abstract: Security information and event management (SIEM) systems are generally used to monitor the network for malicious activities. These systems are capable of detecting a wide range of activities using built-in rules and generate alerts on them. Although SIEM systems provide comprehensive reports about each alert, including relevant details such as severity score, events and event counts, a key limitation is that a rule's status is not presented in real time before an alert is raised. This paper presents a novel visual tool that enables a security analyst to grasp visually a complete overview of rule execution and the circumstances that may happen in advance, based on the near-miss situation. Apart from visual analysis, it also lets analysts explore the reasoning behind alerts in an organized and efficient manner via questions. The essence of the approach is to evaluate and visualize current rule execution according to pre-compiled conditions in real time. We demonstrate the utility of our tool on IBM QRadar data to support informative analysis of different rules at a given time, with questions that give insight through a story page.
