SIEM Based on Big Data Analysis

Information security problem being more and more serious, plenty of data about security being produced fast, the Security Information and Event Management (SIEM) systems have faced with diversity of Volume Big data sources, so it is necessary that big data analysis should be used. This paper presents the architecture and principle of SIEM systems which use popular big data technology. The information security data is transferred from flume to Flink or Spark Computing Framework through Kafka and is retrieved through Elastic Research. The K-means algorithm is used in analyzing the abnormal condition with spark mllib. The report of experiment and results of SIEM shows it is efficient systems process big data to detect security anomaly. In the end, the full paper is summarized and the future work should be the usage of stream computing in the SIEM to solve inform security problem in large-scale network with the continuously producing information security data.