Publication detail

Methodology for Correlations Discovery in Security Logs

MARTINÁSEK, Z.; BLAŽEK, P.; ŠILHAVÝ, P.; SMÉKAL, D.

Original Title

Methodology for Correlations Discovery in Security Logs

Type

conference paper

Language

English

Original Abstract

A record in a security log should serve primarily to identify the events that indicate potential attacks or dangerous configurations posing a high risk of asset loss. In other words, the primary role of security log analysis is to detect an incident and generate an adequate response in order to mitigate the losses. An enormous problem that often occurs in practice lies in determining which events must be recorded in the security log. Moreover, there is no general methodology that would help with this crucial problem, and therefore security systems are often incorrectly implemented due to the lack of a correct event specification. In this article, we propose our own methodology that can be utilized to identify the required security events. Our approach is based on the theoretical risk assessments provided by NIST (National Institute of Standards and Technology) and the more practical information provided by OWASP (Open Web Application Security Project). We have proven the functionality of the methodology by practical application to a VPN (Virtual Private Network) connection utilizing the IPsec protocol, during research conducted for the National Security Authority of the Czech Republic. However, this article focuses in particular on the theoretical principle of the method. We believe that the proposed methodology is sufficiently universal to be utilized on various types of systems.
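The abstract's central point is that a correlation rule can only ever detect what the logging specification actually records. The following is an added illustration by the editor, not code from the paper (whose methodology is not reproduced here): a small correlator runs a "repeated IKE authentication failures followed by a success" rule over constructed IPsec gateway log lines, and a coverage check first compares the event kinds the rule needs against the event kinds the gateway is configured to log. The line format, the event names (IKE_AUTH_FAIL, IKE_AUTH_OK, CHILD_SA_UP), the threshold of five failures and the two-minute window are all assumptions of this example, and the sample lines are constructed, not captured from any real device.

```python
"""Added example: check that a correlation rule's required events are actually
logged, then run the rule over constructed IPsec VPN gateway log lines."""
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample log (not captured from any real gateway). The line format
# "<ISO timestamp> <EVENT_KIND> peer=<ip> [user=<id>]" is an assumption of this example.
SAMPLE_LOG = """\
2017-11-08T10:00:01 IKE_AUTH_FAIL peer=203.0.113.7 user=alice
2017-11-08T10:00:04 IKE_AUTH_FAIL peer=203.0.113.7 user=alice
2017-11-08T10:00:09 IKE_AUTH_FAIL peer=203.0.113.7 user=alice
2017-11-08T10:00:15 IKE_AUTH_FAIL peer=203.0.113.7 user=alice
2017-11-08T10:00:22 IKE_AUTH_FAIL peer=203.0.113.7 user=alice
2017-11-08T10:00:30 IKE_AUTH_OK peer=203.0.113.7 user=alice
2017-11-08T10:00:31 CHILD_SA_UP peer=203.0.113.7 user=alice
2017-11-08T10:05:00 IKE_AUTH_FAIL peer=198.51.100.3 user=bob
2017-11-08T10:09:00 IKE_AUTH_OK peer=198.51.100.3 user=bob
"""

LINE_RE = re.compile(r"^(\S+) (\S+) peer=(\S+)(?: user=(\S+))?$")


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str
    peer: str
    user: Optional[str]


def parse_log(text: str) -> list[Event]:
    """Parse the constructed log lines into Event records; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, kind, peer, user = m.groups()
            events.append(Event(datetime.fromisoformat(ts), kind, peer, user))
    return events


@dataclass(frozen=True)
class CorrelationRule:
    name: str
    precursor: str        # event kind that must repeat (here: a failed IKE authentication)
    outcome: str          # event kind that completes the pattern (here: a successful one)
    threshold: int        # minimum number of precursors inside the window
    window: timedelta     # precursors older than this before the outcome are ignored

    @property
    def required_events(self) -> frozenset[str]:
        return frozenset({self.precursor, self.outcome})


def missing_events(rule: CorrelationRule, logged_kinds: set[str]) -> set[str]:
    """Event kinds the rule needs that the logging specification does not record.
    A non-empty result means the rule can never fire, however well it is written."""
    return set(rule.required_events) - set(logged_kinds)


def correlate(events: list[Event], rule: CorrelationRule) -> list[dict]:
    """Alert when >= rule.threshold precursor events from one peer occur within
    rule.window before an outcome event from that same peer."""
    recent = defaultdict(deque)   # peer -> timestamps of recent precursor events
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == rule.precursor:
            recent[ev.peer].append(ev.ts)
        elif ev.kind == rule.outcome:
            q = recent[ev.peer]
            while q and ev.ts - q[0] > rule.window:   # drop failures outside the window
                q.popleft()
            if len(q) >= rule.threshold:
                alerts.append({"rule": rule.name, "peer": ev.peer, "user": ev.user,
                               "failures": len(q), "at": ev.ts.isoformat()})
            q.clear()   # a success closes the episode for this peer
    return alerts


# Hypothetical rule; threshold and window are assumptions of this example.
BRUTE_FORCE_THEN_SUCCESS = CorrelationRule(
    name="ike_auth_bruteforce_then_success",
    precursor="IKE_AUTH_FAIL",
    outcome="IKE_AUTH_OK",
    threshold=5,
    window=timedelta(minutes=2),
)


def run(log_text: str, rule: CorrelationRule, logged_kinds: set[str]) -> dict:
    """Apply the logging specification first (only events the gateway is configured
    to record survive), then the rule; report both the coverage gap and the alerts."""
    gap = missing_events(rule, logged_kinds)
    events = [e for e in parse_log(log_text) if e.kind in logged_kinds]
    return {"missing_events": sorted(gap), "alerts": correlate(events, rule)}


if __name__ == "__main__":
    complete_spec = {"IKE_AUTH_FAIL", "IKE_AUTH_OK", "CHILD_SA_UP"}
    print(run(SAMPLE_LOG, BRUTE_FORCE_THEN_SUCCESS, complete_spec))
    # Same traffic, but the failure event was left out of the logging specification:
    # the coverage check reports the gap and the rule is silent.
    print(run(SAMPLE_LOG, BRUTE_FORCE_THEN_SUCCESS, {"IKE_AUTH_OK", "CHILD_SA_UP"}))
```

With the complete specification the rule fires once, for peer 203.0.113.7 after five failures in under two minutes; peer 198.51.100.3 does not trigger because its single failure falls outside the window. With IKE_AUTH_FAIL omitted from the specification, exactly the situation the abstract describes as a common implementation error, the coverage check names the missing event and the same traffic produces no alert at all, which is why the event specification has to be derived before the correlation rules are written.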

Keywords

Events, correlation, log, security, SIEM.

Authors

MARTINÁSEK, Z.; BLAŽEK, P.; ŠILHAVÝ, P.; SMÉKAL, D.

Released

8 November 2017

Location

Munich, Germany

ISBN

978-1-5386-3434-9

Book

2017 9th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT)

Pages from

294

Pages to

298

Pages count

5

URL

https://ieeexplore.ieee.org/document/8255194

BibTex

@inproceedings{BUT141213,
  author="Zdeněk {Martinásek} and Petr {Blažek} and Pavel {Šilhavý} and David {Smékal}",
  title="Methodology for Correlations Discovery in Security Logs",
  booktitle="2017 9th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT)",
  year="2017",
  pages="294--298",
  address="Munich, Germany",
  doi="10.1109/ICUMT.2017.8255194",
  isbn="978-1-5386-3434-9",
  url="https://ieeexplore.ieee.org/document/8255194"
}