Partial rule security information and event management concept in detecting cyber incidents

Cited by: 1
Authors
Jokić A. [1 ]
Baraković S. [2 ,3 ]
Husić J.B. [3 ]
Pleho J. [4 ]
Affiliations
[1] Qatar Business Systems, D-Ring Road Branch, Doha
[2] Ministry of Security of Bosnia and Herzegovina, Trg BiH 1, Sarajevo
[3] University of Sarajevo, Zmaja od Bosne, Sarajevo
[4] KING ICT, Aleja Bosne Srebrene 34, Sarajevo
Keywords
Cyber attack; Detection; Exfiltration; Partial rule; Security; SIEM; Visibility
DOI
10.1504/IJSN.2021.116777
Abstract
Information and communication technologies are evolving rapidly and have a huge impact on everyday life. This does not come without dangers: it is accompanied by a wide range of malicious activities that affect companies and force them to protect their information at all costs. Cyber attacks today usually consist of multiple carefully planned, hard-to-detect steps that cause severe damage to companies. This paper examines the capability of a security information and event management (SIEM) system with applied partial rules to detect such multi-step attacks. Fine tuning focused on detecting partial attack patterns that were important and specific to the environment, and positive results were obtained. The results show that using the partial rule approach in the SIEM for incident detection increased the number of detected advanced multi-stage cyber attacks, thereby contributing to overall security in cyberspace. Copyright © 2021 Inderscience Enterprises Ltd.
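The abstract contrasts a conventional correlation rule, which fires only when every stage of a multi-step attack is observed, with a partial rule that fires on a subset of the stages. The paper's actual rule set is not reproduced on this page, so the following is an added illustration written for this record, not code from Jokić et al. or from any SIEM product. The three-stage chain (recon, credential use, exfiltration), the one-hour correlation window, the event schema and the sample log are all assumptions constructed for the example; the point it makes is that a partial rule still alerts on a host where one stage was never logged (a visibility gap), at the cost of also matching weaker evidence when the threshold is lowered too far.

```python
"""Toy SIEM correlator: full multi-step rule versus partial rule.

Added example, not the paper's code. Chain, window, schema and log are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    step: str  # which stage of the assumed attack chain this event evidences


# Assumed attack chain (illustrative; the paper's real patterns are not on this page).
ATTACK_CHAIN = ("recon", "cred_use", "exfil")

# Constructed sample log, one event per line: "<ISO time> <host> <chain step>".
# host-a: all three stages within an hour.
# host-b: recon never logged (visibility gap), cred_use and exfil are.
# host-c: two stages, but a day apart, so they do not correlate in a 1h window.
SAMPLE_LOG = """\
2021-03-01T09:00:00 host-a recon
2021-03-01T09:05:00 host-a cred_use
2021-03-01T09:20:00 host-a exfil
2021-03-01T10:00:00 host-b cred_use
2021-03-01T10:30:00 host-b exfil
2021-03-01T11:00:00 host-c recon
2021-03-02T11:00:00 host-c cred_use
"""


def parse_log(text):
    """Parse the constructed log format into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, step = line.split()
        events.append(Event(datetime.fromisoformat(ts), host, step))
    return events


def correlate(events, chain=ATTACK_CHAIN, min_steps=None, window=timedelta(hours=1)):
    """Return {host: matched_steps} for hosts where at least `min_steps` distinct
    chain stages occur within `window` of each other.

    min_steps == len(chain) is the full rule; any smaller value is a partial rule.
    """
    if min_steps is None:
        min_steps = len(chain)
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if e.step in chain:
            by_host[e.host].append(e)

    alerts = {}
    for host, evs in by_host.items():
        # Slide a window anchored at each event; stop at the first match per host.
        for i, start in enumerate(evs):
            seen = set()
            for e in evs[i:]:
                if e.ts - start.ts > window:
                    break
                seen.add(e.step)
            if len(seen) >= min_steps:
                alerts[host] = tuple(s for s in chain if s in seen)
                break
    return alerts


def run_full_rule():
    return correlate(parse_log(SAMPLE_LOG))


def run_partial_rule(min_steps=2):
    return correlate(parse_log(SAMPLE_LOG), min_steps=min_steps)


if __name__ == "__main__":
    print("full rule   :", run_full_rule())       # only host-a
    print("partial (2) :", run_partial_rule())    # host-a and host-b
    print("partial (1) :", run_partial_rule(1))   # also host-c: too noisy
```

With the full rule only host-a alerts; host-b is missed because its recon stage was never logged. The partial rule with a two-of-three threshold catches host-b as well, which is the gain the abstract reports. Dropping the threshold to one stage also flags host-c on a single event, which is the tuning trade-off a practitioner has to make: partial rules lower the bar for detection and therefore need an environment-specific threshold and window to keep false positives manageable.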
Pages: 117-128
Page count: 11