Conference papers

Correlation of security events based on the analysis of structures of event types

Abstract: The paper studies the correlation process in SIEM systems based on analyzing the structures of security event types. An approach to the automated analysis of security events as input data with dynamic content is proposed. For this automated analysis the paper suggests building a graph of event types with direct and indirect links between them. Processing the security input data means performing functional and behavioral analysis by computing the frequency-time characteristics of events, ranking them, and building patterns of behavior. The proposed approach allows the use of a previously unapplied method of rank correlation, alongside other intelligent methods. The requirements for the normalization of the original data are formulated. An example of the analysis of a security event log and the generated graph of event types is provided.

https://hal.laas.fr/hal-02115860
Contributor: Didier El Baz
Submitted on: Tuesday, April 30, 2019 - 3:14:20 PM
Last modification on: Thursday, June 10, 2021 - 3:02:55 AM

File: scan145632.pdf (files produced by the author(s))

Citation

Andrey Fedorchenko, Igor Kotenko, Didier El Baz. Correlation of security events based on the analysis of structures of event types. 9th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS 2017), Sep 2017, Bucharest, Romania. pp.270-276, ⟨10.1109/IDAACS.2017.8095089⟩. ⟨hal-02115860⟩
