A scalable SIEM correlation engine and its application to the Olympic Games IT infrastructure


Author(s): Vianello, Valerio; Gulisano, Vincenzo Massimiliano; Jiménez-Peris, Ricardo; Patiño-Martínez, Marta
Date(s)

2013

Abstract

The scalability of security event correlation has become a major concern for security analysts and IT administrators dealing with complex IT infrastructures that must handle enormous volumes of events or wide correlation windows. The current correlation capabilities of Security Information and Event Management (SIEM) systems, which rely on a single node in a centralized server, have proved insufficient to process large event streams. This paper introduces a step forward in the current state of the art to address these problems. The proposed model takes into account the two main aspects of this field: distributed correlation and query parallelization. We present a case study of a multiple-step attack on the Olympic Games IT infrastructure to illustrate the applicability of our approach.

Format

application/pdf

Identifier

http://oa.upm.es/25918/

Language(s)

spa

Publisher

Facultad de Informática (UPM)

Relation

http://oa.upm.es/25918/1/25918vianello_INVE_MEM.pdf

http://www.ares-conference.eu/ares2013/www.ares-conference.eu/conf/index.html

info:eu-repo/grantAgreement/EC/FP7/257495

S2009/TIC-1692

info:eu-repo/semantics/altIdentifier/doi/10.1109/ARES.2013.82

Rights

http://creativecommons.org/licenses/by-nc-nd/3.0/es/

info:eu-repo/semantics/openAccess

Source

Eighth International Conference on Availability, Reliability and Security (ARES), 2013 | 02-06 Sept 2013 | Regensburg, Germany

Keywords #Computer Science
Type

info:eu-repo/semantics/conferenceObject

Conference or Workshop Paper

PeerReviewed