
Data-Driven Field Mapping of Security Logs for Integrated Monitoring

Abstract: As industrial control system vulnerabilities and attacks increase, security controls must be applied to operational technologies. The growing demand for security threat monitoring and analysis techniques that integrate information from security logs has resulted in enterprise security management systems giving way to security information and event management systems. Nevertheless, it is vital to implement some form of pre-processing to collect, integrate and analyze security events efficiently. Operators still have to manually check entire security logs or write scripts or parsers that draw on domain knowledge, tasks that are time-consuming and error-prone. To address these challenges, this chapter focuses on the data-driven mapping of security logs to support the integrated monitoring of operational technology systems. The characteristics of security logs from security appliances used in critical infrastructure assets are analyzed to create a tool that maps different security logs to field categories to support integrated system monitoring. The tool reduces the effort needed by operators to manually process security logs, even when the logged data generated by security appliances has new or modified formats.
Document type: Conference papers
Contributor: Hal Ifip
Submitted on: Monday, October 4, 2021 - 5:49:53 PM
Last modification on: Wednesday, November 3, 2021 - 7:05:58 AM
Long-term archiving on: Wednesday, January 5, 2022 - 7:07:43 PM

Files produced by the author(s)
Distributed under a Creative Commons Attribution 4.0 International License

Seungoh Choi, Yesol Kim, Jeong-Han Yun, Byung-Gil Min, Hyoung-Chun Kim. Data-Driven Field Mapping of Security Logs for Integrated Monitoring. 13th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2019, Arlington, VA, United States. pp.253-268, ⟨10.1007/978-3-030-34647-8_13⟩. ⟨hal-03364573⟩