Challenges and Directions in Security Information and Event Management (SIEM)

Cited by: 12

Authors
Cinque, Marcello [1 ,2 ]
Cotroneo, Domenico [1 ,2 ]
Pecchia, Antonio [1 ,2 ]
Affiliations
[1] Univ Napoli Federico II, Dipartimento Ingn Elettr & Tecnol Informaz, Via Claudio 21, I-80125 Naples, Italy
[2] Critiware Srl, Via Carlo Poerio 89-A, I-80121 Naples, Italy
Keywords
SIEM; security; log analysis; information retrieval; Latent Dirichlet Allocation;
DOI
10.1109/ISSREW.2018.00-24
CLC (Chinese Library Classification) number
TP31 [Computer software];
Discipline code
081202 ; 0835 ;
Abstract
Security Information and Event Management (SIEM) is the state of the practice in handling heterogeneous data sources for security analysis. This paper presents challenges and directions in SIEM in the context of a real-life mission-critical system operated by a leading company in the Air Traffic Control domain. The system emits massive volumes of highly unstructured text logs. We present the challenges in handling such logs, ongoing work on the integration of an open source SIEM, and directions in modeling system behavioral baselines for inferring compromise indicators. Our exploratory analysis paves the way for data discovery approaches that complement current SIEM practice.
Pages: 95 - 99
Page count: 5
Related papers (50 in total; first 10 listed)
  • [1] SPEAR SIEM: A Security Information and Event Management system for the Smart Grid
    Radoglou-Grammatikis, Panagiotis
    Sarigiannidis, Panagiotis
    Iturbe, Eider
    Rios, Erkuden
    Martinez, Saturnino
    Sarigiannidis, Antonios
    Eftathopoulos, Georgios
    Spyridis, Yannis
    Sesis, Achilleas
    Vakakis, Nikolaos
    Tzovaras, Dimitrios
    Kafetzakis, Emmanouil
    Giannoulakis, Ioannis
    Tzifas, Michalis
    Giannakoulias, Alkiviadis
    Angelopoulos, Michail
    Ramos, Francisco
    [J]. COMPUTER NETWORKS, 2021, 193
  • [2] MANAGEMENT OF INFORMATION SECURITY: CHALLENGES AND RESEARCH DIRECTIONS
    Choobineh, Joobin
    Dhillon, Gurpreet
    Grimaila, Michael R.
    Rees, Jackie
    [J]. COMMUNICATIONS OF THE ASSOCIATION FOR INFORMATION SYSTEMS, 2007, 20 : 958 - 971
  • [3] Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures
    Gonzalez-Granadillo, Gustavo
    Gonzalez-Zarzosa, Susana
    Diaz, Rodrigo
    [J]. SENSORS, 2021, 21 (14)
  • [4] A Framework and Prototype for A Socio-Technical Security Information and Event Management System (ST-SIEM)
    AlSabbagh, Bilal
    Kowalski, Stewart
    [J]. 2016 EUROPEAN INTELLIGENCE AND SECURITY INFORMATICS CONFERENCE (EISIC), 2016, : 192 - 195
  • [5] EDO4SIEM - A PROCEDURE MODEL FOR THE IMPLEMENTATION OF SECURITY INFORMATION AND EVENT MANAGEMENT SYSTEMS IN ORGANISATIONS
    Rosenberg, Maximilian
    Schneider, Bettina
    Scherb, Christopher
    Asprion, Petra Maria
    [J]. IADIS-INTERNATIONAL JOURNAL ON COMPUTER SCIENCE AND INFORMATION SYSTEMS, 2024, 19 (01): : 31 - 47
  • [6] Security Information and Event Management -Capabilities, Challenges and Event Analysis in the Complex IT System
    Zgela, Mario
    Penga, Ivan
    [J]. CENTRAL EUROPEAN CONFERENCE ON INFORMATION AND INTELLIGENT SYSTEMS (CECIIS 2019), 2019, : 259 - 266
  • [7] XML Schema-Based Minification for Communication of Security Information and Event Management (SIEM) Systems in Cloud Environments
    Moussa, Bishoy
    Mostafa, Mahmoud
    El-Khouly, Mahmoud
    [J]. INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2014, 5 (09) : 74 - 82
  • [8] Challenges for the comprehensive and integrated information security management
    Anttila, Juhani
    Jussila, Kari
    [J]. 2017 13TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND SECURITY (CIS), 2017, : 586 - 589
  • [9] Challenges and Best Practices in Information Security Management
    McLaughlin, Mark-David
    Gogan, Janis
    [J]. MIS QUARTERLY EXECUTIVE, 2018, 17 (03) : 237 - 262
  • [10] The Operational Role of Security Information and Event Management Systems
    Bhatt, Sandeep
    Manadhata, Pratyusa K.
    Zomlot, Loai
    [J]. IEEE SECURITY & PRIVACY, 2014, 12 (05) : 35 - 41