Contextual Security with IF-MAP

Lakbabi, Abdelmajid; Orhanou, Ghizlane; Hajji, Saïd El

doi:10.14257/ijsia.2014.8.5.37

Cited by 3 publications

(1 citation statement)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“… Log formats : To facilitate the correlation process and to offer a reliable automated event analysis, most researchers and security experts argue that vendors and producers should agree on the format and the syntax of security event records. For instance, the authors in (Lakbabi et al , 2014) propose to use the standard protocol IF-MAP to share in real-time security events between the central server and the security equipment in response to illegitimate activities. The main reason why the log format is a problem for the SIEM industry, is because each application (or source device) now has its own log file format that affects the quality of the analysis and the robustness of the correlation engine.…”

Section: Related Workmentioning

confidence: 99%

Mobile agent-based SIEM for event collection and normalization externalization

Moukafih

Orhanou

Hajji

2019

ICS

Self Cite

View full text Add to dashboard Cite

Purpose This paper aims to propose a mobile agent-based security information and event management architecture (MA-SIEM) that uses mobile agents for near real-time event collection and normalization on the source device. The externalization of the normalization process, executed by several distributed mobile agents on interconnected computers and devices, proposes a SIEM server dedicated mainly for correlation and analysis. Design/methodology/approach The architecture has been proposed in three stages. In the first step, the authors described the different aspects of the proposed approach. Then they implemented the proposed architecture and presented a new vision for the insertion of normalized data into the SIEM database. Finally, the authors performed a numerical comparison between the approach used in the proposed architecture and that of existing SIEM systems. Findings The results of the experiments showed that MA-SIEM systems are more efficient than existing SIEM systems because they leave the SIEM resources primarily dedicated to advanced correlation analysis. In addition, this paper takes into account realistic scenarios and use-cases and proposes a fully automated process for transferring normalized events in near real time to the SIEM server for further analysis using mobile agents. Originality/value The work provides new insights into the normalization security-related events using light mobile agents.

show abstract

Section: Related Workmentioning

confidence: 99%

Mobile agent-based SIEM for event collection and normalization externalization

Moukafih

Orhanou

Hajji

2019

ICS

Self Cite

View full text Add to dashboard Cite

show abstract

SIEM selection criteria for an efficient contextual security

Moukafih¹,

Soukainat

Lakbabi³

et al. 2017

2017 International Symposium on Networks, Computers and Communications (ISNCC)

View full text Add to dashboard Cite

Network Access Control and Collaborative Security Against APT and AET

Orhanou

Lakbabi

Moukafih

et al. 2018

Security and Privacy in Smart Sensor Networks

View full text Add to dashboard Cite

Cybercrime is rising due to the appearance of a new generation of attacks, APT and AET, and the reactionary aspect of the protection systems implemented in the IP networks. In this chapter, the authors analyze the gap between the innovative aspect of those attacks and the reactive aspect of the security measures put in place inside victim networks. The challenge is to shift this security aspect from reactive to proactive by adopting a collaborative approach based on NAC technology as a multi-level protection and IF-MAP as a security standard exchange protocol. First, a brief overview of NAC and IF-MAP is given. Then, the authors analyze the anatomy of these chained exploits and their escape techniques in order to propose an approach able to counter such attacks through the convergence towards a security ecosystem having the correlative intelligence to respond to challenges in real time and in a proactive way.

show abstract

Contextual Security with IF-MAP

Cited by 3 publications

References 3 publications

Mobile agent-based SIEM for event collection and normalization externalization

Mobile agent-based SIEM for event collection and normalization externalization

SIEM selection criteria for an efficient contextual security

Network Access Control and Collaborative Security Against APT and AET

Contact Info

Product

Resources

About