A Scalable SIEM Correlation Engine and Its Application to the Olympic Games IT Infrastructure

ARES '13 Proceedings of the 2013 International Conference on Availability, Reliability and Security (2013)

Cited by 9 | Views 1

Abstract
The scalability of security event correlation has become a major concern for security analysts and IT administrators when dealing with complex IT infrastructures that must handle very large volumes of events or wide correlation window spans. The current correlation capabilities of Security Information and Event Management (SIEM) systems, based on a single node in centralized servers, have proved insufficient to process large event streams. This paper introduces a step forward in the current state of the art to address these problems. The proposed model takes into account the two main aspects of this field: distributed correlation and query parallelization. We present a case study of a multiple-step attack on the Olympic Games IT infrastructure to illustrate the applicability of our approach.
Keywords

olympic games it infrastructure, scalable siem correlation engine, scalability, cep, complex it infrastructure, brute force, distributed correlation, wide correlation window span, security information and event management, it administrator, centralized servers, low and slow, it administrators, event management, security analysts, sport, file servers, query parallelization, siem, multiple-step attack, event streams, security analyst, large event stream, current correlation capability, complex event processing, olympic games, current state, it infrastructures, security event correlation scalability, query processing, security of data