
Data-Driven Field Mapping of Security Logs for Integrated Monitoring

Abstract: As industrial control system vulnerabilities and attacks increase, security controls must be applied to operational technologies. The growing demand for security threat monitoring and analysis techniques that integrate information from security logs has resulted in enterprise security management systems giving way to security information and event management systems. Nevertheless, it is vital to implement some form of pre-processing to collect, integrate and analyze security events efficiently. Operators still have to manually check entire security logs or write scripts or parsers that draw on domain knowledge, tasks that are time-consuming and error-prone. To address these challenges, this chapter focuses on the data-driven mapping of security logs to support the integrated monitoring of operational technology systems. The characteristics of security logs from security appliances used in critical infrastructure assets are analyzed to create a tool that maps different security logs to field categories to support integrated system monitoring. The tool reduces the effort needed by operators to manually process security logs, even when the logged data generated by security appliances has new or modified formats.
Document type: Conference papers

https://hal.inria.fr/hal-03364573
Contributor: Hal Ifip
Submitted on: Monday, October 4, 2021 - 5:49:53 PM
Last modification on: Wednesday, November 3, 2021 - 7:05:58 AM
Long-term archiving on: Wednesday, January 5, 2022 - 7:07:43 PM

File

491841_1_En_13_Chapter.pdf
Files produced by the author(s)

Licence

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Seungoh Choi, Yesol Kim, Jeong-Han Yun, Byung-Gil Min, Hyoung-Chun Kim. Data-Driven Field Mapping of Security Logs for Integrated Monitoring. 13th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2019, Arlington, VA, United States. pp.253-268, ⟨10.1007/978-3-030-34647-8_13⟩. ⟨hal-03364573⟩