Normalizing Security Events with a Hierarchical Knowledge Base

Abstract: An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks grow, the number of produced log events increases dramatically, sometimes to several billion events per day. The analysis of such big data relies heavily on a full normalization of the log data in real time. Until now, the important issue of fully normalizing a large number of log events has been handled only insufficiently by many software solutions and is not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficiently. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in real time.
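To illustrate the hierarchical knowledge base idea from the abstract, here is an added example written for this record (not the authors' implementation; the event lines, rule set and field names are constructed assumptions). A level-1 detector identifies the log format and, for syslog lines, the producing application, so only that application's level-2 rules are evaluated, while the flat baseline tries every rule in turn. The saving grows with the number of rule families; with this tiny KB it is visible for the sudo and HTTP events.

```python
import re
# Constructed sample events (assumed for this example, not data from the paper).
EVENTS = {
    "ssh_fail": "Jan 20 16:47:48 host1 sshd[1234]: Failed password for root from 10.0.0.5 port 2222 ssh2",
    "sudo": "Jan 20 16:47:49 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls",
    "http": '10.0.0.7 - - [20/Jan/2017:16:47:50 +0100] "GET /login HTTP/1.1" 200 512',
}
# Level 2: leaf rules, one regex per known message shape, grouped by producing application.
LEAF_RULES = {
    "sshd": [
        re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+)"),
        re.compile(r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+)"),
    ],
    "sudo": [
        re.compile(r"(?P<user>\S+) : .*USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.+)$"),
        re.compile(r"pam_unix\(sudo:session\): session (?P<action>opened|closed) for user (?P<target_user>\S+)"),
    ],
    "apache": [re.compile(r'^(?P<src_ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+) (?P<bytes>\d+)$')],
}
# Level 1: cheap format detectors; a syslog header yields the app name that selects the leaf branch.
DETECTORS = [
    (re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ (?P<app>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$"), None),
    (re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "'), "apache"),
]

def normalize_hierarchical(line):
    """Return (fields, regexes_tried): level 1 first, then only the selected level-2 branch."""
    tried = 0
    for detector, fixed_app in DETECTORS:
        tried += 1
        if not (m := detector.match(line)):
            continue
        app = fixed_app or m.group("app")
        msg = line if fixed_app else m.group("msg")  # syslog: leaf rules see only the message part
        for rule in LEAF_RULES.get(app, []):
            tried += 1
            if (lm := rule.search(msg)):
                return {"app": app, **lm.groupdict()}, tried
    return None, tried

def normalize_naive(line):
    """Flat KB, the baseline the paper compares against: try every leaf rule in turn."""
    tried = 0
    for app, rules in LEAF_RULES.items():
        for rule in rules:
            tried += 1
            if (lm := rule.search(line)):
                return {"app": app, **lm.groupdict()}, tried
    return None, tried
```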
Document type:
Conference paper
Raja Naeem Akram; Sushil Jajodia. 9th Workshop on Information Security Theory and Practice (WISTP), Aug 2015, Heraklion, Crete, Greece. Springer, Lecture Notes in Computer Science, LNCS-9311, pp.237-248, 2015, Information Security Theory and Practice. 〈10.1007/978-3-319-24018-3_15〉

https://hal.inria.fr/hal-01442546
Contributor: Hal Ifip <>
Submitted on: Friday, 20 January 2017 - 16:47:48
Last modified on: Friday, 20 January 2017 - 16:52:45
Document(s) archived on: Friday, 21 April 2017 - 16:20:56

File

978-3-319-24018-3_15_Chapter.p...
Files produced by the author(s)

Licence

Distributed under a Creative Commons Attribution 4.0 International License

Citation

David Jaeger, Amir Azodi, Feng Cheng, Christoph Meinel. Normalizing Security Events with a Hierarchical Knowledge Base. Raja Naeem Akram; Sushil Jajodia. 9th Workshop on Information Security Theory and Practice (WISTP), Aug 2015, Heraklion, Crete, Greece. Springer, Lecture Notes in Computer Science, LNCS-9311, pp.237-248, 2015, Information Security Theory and Practice. 〈10.1007/978-3-319-24018-3_15〉. 〈hal-01442546〉
