Scalable Security Event Aggregation for Situation Analysis

Kim, Jin Oh; Moon, Ilhwan; Lee, Kyungil; Suh, Sang C.; Kim, Ikkyun

doi:10.1109/bigdataservice.2015.28

Cited by 5 publications

(5 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, in our method, in addition to the event aggregation and summarization time, the time for event normalization and filtration of noise events are also included in the reported execution time. It is worth noting that the high performance reported for the SEAS-MR method [45] is because this method is implemented and evaluated on a Hadoop cluster, which is beyond the scope of this paper. -The proposed method can aggregate events with minimal loss of security information, resulting in a small number of high-quality cluster events as output, that are of rich use to networks' administrators.…”

Section: Experimental Results On the Datasetsmentioning

confidence: 99%

See 1 more Smart Citation

Towards event aggregation for reducing the volume of logged events during IKC stages of APT attacks

Ramaki,

Ghaemi-Bafghi,

Rasoolzadegan

2021

Preprint

View full text Add to dashboard Cite

Nowadays, targeted attacks like Advanced Persistent Threats (APTs) has become one of the major concern of many enterprise networks. As a common approach to counter these attacks, security staff deploy a variety of security and non-security sensors at different lines of defense (Network, Host, and Application) to track the attacker's behaviors during their kill chain. However, one of the drawbacks of this approach is the huge amount of events raised by heterogeneous security and non-security sensors which makes it difficult to analyze logged events for later processing i.e. event correlation for timely detection of APT attacks. Till now, some research papers have been published on event aggregation for reducing the volume of logged low-level events. However, most research works have been provided a method to aggregate the events of a single-type and homogeneous event source i.e. NIDS. In addition, their main focus is only on the degree to which the event volume is reduced, while the amount of security information lost during the event aggregation process is also very important. In this paper, we propose a three-phase event aggregation method to reduce the volume of logged heterogeneous events during APT attacks considering the lowest rate of loss of security information. To this aim, at first, low-level events of the sensors are clustered into some similar event groups and then, after filtering noisy event clusters, the remained clusters are summarized based on an Attribute-Oriented Induction (AOI) method in a controllable manner to reduce the unimportant or duplicated events. The method has been evaluated on the three publicly available datasets: SotM34, Bryant, and LANL. The experimental results show that the method is efficient enough in event aggregation and can reduce events volume up to 99.7% with an acceptable level of information loss ratio (ILR).Keywords Security event management • Event aggregation • Advanced persistent threat • Intrusion kill chain • Heterogeneous event logs.

show abstract

Section: Experimental Results On the Datasetsmentioning

confidence: 99%

“…Kim et al in [45] proposed a scalable security event aggregation system over MapReduce, called SEAM-MR. Their proposed system is based on big data technologies to deal with large-scale security data which are generated during modern attacks i.e. APTs.…”

Section: 4mentioning

confidence: 99%

Towards event aggregation for reducing the volume of logged events during IKC stages of APT attacks

Ramaki,

Ghaemi-Bafghi,

Rasoolzadegan

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…The data are collected over half of a year. Here we use the data from the last three months of the collection period (Sept. 16, 2015 to Dec. 14,2015) to test the awareness mechanism. The risk value RIS is defined to quantify the security situation.…”

Section: Methodsmentioning

confidence: 99%

“…al. [14] presented SEAS-MR scheme which is a Security Event Aggregation System over MapReduce. This work facilitates scalable security event aggregation for comprehensive situation analysis.…”

Section: Background and Related Workmentioning

confidence: 99%

“…On each transition from et to ut+1, there is also a reward bt+1, whose distribution depends on both states. The parameter of an approximate value function should be seeked, such that (14) where is feature vector characterizing state e. In addition, is the discount rate, which is a constant. Based on the temporal difference error, r can be updated as follows.…”

Section: Security Situational Awareness Based On Game Theory and Reinmentioning

confidence: 99%

See 1 more Smart Citation

Big Data Analysis-Based Security Situational Awareness for Smart Grid

Ota

Dong

et al. 2018

IEEE Trans. Big Data

123

View full text Add to dashboard Cite

Advanced communications and data processing technologies bring great benefits to the smart grid. However, cybersecurity threats also extend from the information system to the smart grid. The existing security works for smart grid focus on traditional protection and detection methods. However, a lot of threats occur in a very short time and overlooked by exiting security components. These threats usually have huge impacts on smart gird and disturb its normal operation. Moreover, it is too late to take action to defend against the threats once they are detected, and damages could be difficult to repair. To address this issue, this paper proposes a security situational awareness mechanism based on the analysis of big data in the smart grid. Fuzzy cluster based analytical method, game theory and reinforcement learning are integrated seamlessly to perform the security situational analysis for the smart grid. The simulation and experimental results show the advantages of our scheme in terms of high efficiency and low error rate for security situational awareness.

show abstract

A Comprehensive Survey on Big Data Technology Based Cybersecurity Analytics Systems

Saravanan

Prakash

2021

Lecture Notes in Networks and Systems

View full text Add to dashboard Cite

Scalable Security Event Aggregation for Situation Analysis

Cited by 5 publications

References 31 publications

Towards event aggregation for reducing the volume of logged events during IKC stages of APT attacks

Towards event aggregation for reducing the volume of logged events during IKC stages of APT attacks

Big Data Analysis-Based Security Situational Awareness for Smart Grid

A Comprehensive Survey on Big Data Technology Based Cybersecurity Analytics Systems

Contact Info

Product

Resources

About