A viable SIEM approach for Android

Scholzel, Markus; Eren, Evren; Detken, Kai-Oliver

doi:10.1109/idaacs.2015.7341414

Cited by 4 publications

(3 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Markus Scholzel et. al [12] carried out a similar study. Mobile devices such as smartphones and tablet PCs are increasingly used for business purposes.…”

Section: Literature Surveymentioning

confidence: 94%

Study of challenges faced by Enterprises using Security Information and Event Management (SIEM)

Yadav¹,

Mishra²

2021

JUSST

View full text Add to dashboard Cite

The field of information security plays an important role in education, IT, health domain, etc. Much research has been carried out in order to secure data in hardware, on the cloud, and during transmission over the network. A secure data transmission and securing the stored data is still taken as one of the concerned areas. Cloud-based SIEM is used nowadays, which is the art and science to secure the information of the organization. SIEM is Security Information and Event Management, which means securing the organization containing network devices and devices holding critical and sensitive information. In this paper, a survey is carried out to determine the gap in current security providers and areas that need attention. We take logs as input and send them to SIEM for analysis. Whether a SIEM is capable enough to determine the unknown threats and user behavior to identify insider threats. Also, terms such as EPS, False positive Rate, Mean Time to Resolution are used as compassion and aim to keep False positive rate and mean time resolution value low and EPS no restriction.

show abstract

“…Markus Scholzel et. al [12] carried out a similar study. Mobile devices such as smartphones and tablet PCs are increasingly used for business purposes.…”

Section: Literature Surveymentioning

confidence: 94%

Study of challenges faced by Enterprises using Security Information and Event Management (SIEM)

Yadav¹,

Mishra²

2021

JUSST

View full text Add to dashboard Cite

show abstract

“…Estas ferramentas tem como objetivo compilar e apresentar informações contidas em logs, além de informar aos responsáveis pelo monitoramento a ação necessária. Com a implantação de um sistema SIEM,é possível monitorar e responder de formaágil a eventos maliciosos detectados [Scholzel et al 2015]. Entretanto, SIEMs, muitas vezes, dependem de uma equipe especializada para analisar cada evento gerado e tomar a decisão de acordo com o incidente.…”

Section: Introductionunclassified

Extração e gerenciamento de incidentes em SIEM

Neu¹,

Trebien²,

Bertoglio³

et al. 2019

Anais Da XVII Escola Regional De Redes De Computadores (ERRC 2019)

View full text Add to dashboard Cite

Atualmente, o número e a diversidade de dispositivos conectados à internet continua aumentando. Consequentemente, o gerenciamento de segurança se tornou um grande desafio. Desta forma, o Gerenciamento de Eventos e Segurança da Informação (SIEM) pode ajudar a coletar e analisar eventos gerados por diferentes ferramentas de gerenciamento. No entanto, muitas vezes, estas ferramentas, dependem de uma força-tarefa humana especializada para analisar cada evento e fornecer uma decisão de acordo com o incidente. Além disso, o gerenciamento de alertas gerado geralmente não é eficiente nas soluções atuais. A fim de ajudar a lidar com essas questões, este artigo apresenta uma abordagem para gerenciar incidentes através de tickets relacionados a eventos crítico de segurança, seguindo o processo de Gerenciamento de Incidentes da Information Technology Infrastructure Library (ITIL).

show abstract

“…This paper introduces a viable approach for mobile device monitoring and an implementation for Android-based devices by presenting which data can be used and to which extent it is useful to collect data, extending the approach described in [1].…”

Section: Introductionmentioning

confidence: 99%

Monitoring Android Devices by Using Events and Metadata

Scholzel¹,

Eren²,

Detken³

et al. 2016

IJC

Self Cite

View full text Add to dashboard Cite

Mobile devices such as smartphones and tablet PCs are increasingly used for business purposes. However, the trustworthiness of the operating system and apps is controversial. They can constitute a threat to corporate networks and infrastructures, if they are not audited or monitored. The concept of port-based authentication using IEEE 802.1X restricts access and may provide statistical data about users entering or leaving a network, but it does not consider the threat devices can pose if they have already been authenticated and used. Security information and event management (SIEM) software has to incorporate information about mobile devices during their usage. Those devices have to gather and publish information to make this possible. This can be achieved by using a client on the mobile device, which is proposed here. It collects metadata including information about device specific data, platform or system state, which is sent via multiple supported protocols to a central SIEM component, where the data is analyzed in assessment procedures for threat analysis by using artificial intelligence and rule-sets.

show abstract

A viable SIEM approach for Android

Cited by 4 publications

References 6 publications

Study of challenges faced by Enterprises using Security Information and Event Management (SIEM)

Study of challenges faced by Enterprises using Security Information and Event Management (SIEM)

Extração e gerenciamento de incidentes em SIEM

Monitoring Android Devices by Using Events and Metadata

Contact Info

Product

Resources

About