A Hierarchical Architectural Model for Network Security Exploring Situational Awareness

Often network security technologies used by organizations for securing their computational systems are deficient in providing holistic view of the environment. Based on this, our paper presents an architectural model based on a Situational Awareness approach for securing computational systems in distributed environments. The architecture is called EXEHDA-ISSA and is inspired by SIEM systems. It is composed of three modular software components called Collector, SmartLogger, and Manager. These components are interconnected following a multi-level hierarchical model and provide features such as event collection, hybrid event processing and a hybrid approach to contextual data storage. For the purpose of evaluating this proposal, four case studies were developed to validate the holistic view of security events as well as the model's characteristics such as flexibility, autonomy, scalability and the support to heterogeneity. Finally, the strengths and limitations of our approach are discussed, then followed by future works.