Publication detail
MARTINÁSEK, Z. BLAŽEK, P. ŠILHAVÝ, P. SMÉKAL, D.
Original Title
Methodology for Correlations Discovery in Security Logs
Type
conference paper
Language
English
Original Abstract
Records in a security log should serve primarily to identify events that indicate potential attacks or dangerous configurations posing a high risk of asset loss. In other words, the primary role of security log analysis is to detect an incident and generate an adequate response in order to mitigate the losses. An enormous problem that often occurs in practice lies in determining which events must be recorded in the security log. Moreover, there is no general methodology that would help with this crucial problem, and therefore security systems are often incorrectly implemented due to the lack of a correct specification of events. In this article, we propose our own methodology that can be utilized to identify the required security events. Our approach is based on the theoretical risk assessments provided by NIST (National Institute of Standards and Technology) and on the more practical information provided by OWASP (Open Web Application Security Project). We have proven the functionality of the methodology by applying it in practice to a VPN (Virtual Private Network) connection utilizing the IPsec protocol during research conducted for the National Security Authority of the Czech Republic. However, this article focuses in particular on the theoretical principle of the method. We believe that the proposed methodology is sufficiently universal to be utilized on various types of systems.
Keywords
Events, correlation, log, security, SIEM.
Authors
MARTINÁSEK, Z.; BLAŽEK, P.; ŠILHAVÝ, P.; SMÉKAL, D.
Released
8. 11. 2017
Location
Munich, Germany
ISBN
978-1-5386-3434-9
Book
2017 9th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT)
Pages from
294
Pages to
298
Pages count
5
URL
https://ieeexplore.ieee.org/document/8255194
BibTex
@inproceedings{BUT141213,
  author="Zdeněk {Martinásek} and Petr {Blažek} and Pavel {Šilhavý} and David {Smékal}",
  title="Methodology for Correlations Discovery in Security Logs",
  booktitle="2017 9th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT)",
  year="2017",
  pages="294--298",
  address="Mnichov, Německo",
  doi="10.1109/ICUMT.2017.8255194",
  isbn="978-1-5386-3434-9",
  url="https://ieeexplore.ieee.org/document/8255194"
}