Correlation of security events based on the analysis of structures of event types - LAAS - Laboratoire d'Analyse et d'Architecture des Systèmes
Conference paper, Year: 2017


Abstract

The paper studies the correlation process of SIEM systems based on analyzing the structures of security event types. An approach to the automated analysis of security events, treated as input data with dynamic content, is proposed. For the automated analysis of events, the paper suggests building a graph of event types with direct and indirect links between them. Processing the security input data means performing functional and behavioral analysis by computing the frequency-time characteristics of events, ranking them, and building patterns of behavior. The proposed approach allows the use of rank correlation, a method not previously applied in this setting, alongside other intelligent methods. The requirements for the normalization of the original data are formulated. An example of the analysis of a security event log and the generated graph of event types is provided.
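As an added illustration, not the paper's own code or data, the following Python sketches the pipeline the abstract describes: a normalized log is binned into fixed windows to obtain per-type frequency-time characteristics, each type's windowed counts are ranked, Spearman rank correlation is computed between every pair of types, and pairs above a threshold become direct links in the event-type graph while pairs that only share a directly linked neighbour become indirect links. The event type names, the sample log, the 60-second window and the 0.7 threshold are all constructed assumptions; the constant HEARTBEAT series shows the degenerate case where rank correlation is undefined and is reported as 0.0.

```python
from collections import defaultdict
from itertools import combinations
from math import sqrt
# Constructed sample log (not from the paper): one line per event type, followed
# by the epoch seconds at which that type was observed; spans four 60 s windows.
SAMPLE_LOG = """\
LOGIN_FAIL 65 125 130 185 190 195
ACCOUNT_LOCKOUT 66 71 126 186 191 196
PRIV_ESC 20 140 145 205 210 215
HEARTBEAT 0 60 120 180
"""

def window_counts(text, window_s=60):
    """Frequency-time characteristic: per-type event counts in fixed-size windows."""
    events = []
    for line in text.splitlines():
        etype, *stamps = line.split()
        events += [(int(s), etype) for s in stamps]
    t0 = min(ts for ts, _ in events)
    n = (max(ts for ts, _ in events) - t0) // window_s + 1
    counts = defaultdict(lambda: [0] * n)
    for ts, etype in events:
        counts[etype][(ts - t0) // window_s] += 1
    return dict(counts)

def ranks(values):
    """1-based ranks; tied values share their average rank."""
    s = sorted(values)
    return [(s.index(v) + len(s) + 1 - s[::-1].index(v)) / 2 for v in values]

def spearman(x, y):
    """Spearman rho = Pearson correlation of the ranks; 0.0 if a series is constant."""
    rx, ry = ranks(x), ranks(y)
    mx, my = sum(rx) / len(rx), sum(ry) / len(ry)
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    vx, vy = sum((a - mx) ** 2 for a in rx), sum((b - my) ** 2 for b in ry)
    return 0.0 if vx == 0 or vy == 0 else cov / sqrt(vx * vy)

def event_type_graph(counts, threshold=0.7):
    """Direct link: |rho| >= threshold; indirect link: shared direct neighbour only."""
    direct, nbrs = {}, defaultdict(set)
    for a, b in combinations(sorted(counts), 2):
        rho = spearman(counts[a], counts[b])
        if abs(rho) >= threshold:
            direct[(a, b)] = round(rho, 3)
            nbrs[a].add(b)
            nbrs[b].add(a)
    indirect = {(a, b) for a, b in combinations(sorted(counts), 2)
                if (a, b) not in direct and nbrs[a] & nbrs[b]}
    return direct, indirect
```

On the constructed log this yields direct links LOGIN_FAIL–ACCOUNT_LOCKOUT and LOGIN_FAIL–PRIV_ESC (rho 0.8 each) and an indirect link ACCOUNT_LOCKOUT–PRIV_ESC (rho 0.4, connected through LOGIN_FAIL); real deployments need far more windows than four before such coefficients are meaningful.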
Main file
scan145632.pdf (1.62 MB)
Origin: Files produced by the author(s)

Dates and versions

hal-02115860, version 1 (30-04-2019)

Identifiers

Cite

Andrey Fedorchenko, Igor Kotenko, Didier El Baz. Correlation of security events based on the analysis of structures of event types. 9th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS 2017), Sep 2017, Bucharest, Romania. pp.270-276, ⟨10.1109/IDAACS.2017.8095089⟩. ⟨hal-02115860⟩
61 Views
18 Downloads
