Publication detail

Methodology for Correlations Discovery in Security Logs

MARTINÁSEK, Z.; BLAŽEK, P.; ŠILHAVÝ, P.; SMÉKAL, D.

Original title

Methodology for Correlations Discovery in Security Logs

Type

Conference paper indexed in WoS or Scopus

Language

English

Original abstract

A record in a security log should serve primarily to identify the events that indicate potential attacks or dangerous configurations posing a high risk of asset loss. In other words, the primary role of security log analysis is detecting an incident and generating an adequate response in order to mitigate the losses. An enormous problem that often occurs in practice lies in determining the events that must be recorded in the security log. Moreover, there is no general methodology that would help us with this crucial problem, and therefore security systems are often incorrectly implemented due to the lack of a correct events specification. In this article, we propose our own methodology that can be utilized in order to identify the required security events. Our approach is based on theoretical risk assessments provided by NIST (National Institute of Standards and Technology) and more practical information provided by OWASP (Open Web Application Security Project). We have proven the functionality of the methodology by its practical application to a VPN (Virtual Private Network) connection utilizing the IPsec protocol during research conducted for the National Security Authority of the Czech Republic. However, this article focuses in particular on the theoretical principle of the method. We believe that the methodology proposed is sufficiently universal to be utilized on various types of systems.

Keywords

Events, correlation, log, security, SIEM.

Authors

MARTINÁSEK, Z.; BLAŽEK, P.; ŠILHAVÝ, P.; SMÉKAL, D.

Published

8. 11. 2017

Place

Munich, Germany

ISBN

978-1-5386-3434-9

Book

2017 9th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT)

Pages from

294

Pages to

298

Number of pages

5

URL

BibTeX

@inproceedings{BUT141213,
  author="Zdeněk {Martinásek} and Petr {Blažek} and Pavel {Šilhavý} and David {Smékal}",
  title="Methodology for Correlations Discovery in Security Logs",
  booktitle="2017 9th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT)",
  year="2017",
  pages="294--298",
  address="Mnichov, Německo",
  doi="10.1109/ICUMT.2017.8255194",
  isbn="978-1-5386-3434-9",
  url="https://ieeexplore.ieee.org/document/8255194"
}