Publication detail
MARTINÁSEK, Z. BLAŽEK, P. ŠILHAVÝ, P. SMÉKAL, D.
Original title
Methodology for Correlations Discovery in Security Logs
Type
Conference proceedings paper indexed in WoS or Scopus
Language
English
Original abstract
A record in a security log should serve primarily to identify events that indicate potential attacks or dangerous configurations posing a high risk of asset loss. In other words, the primary role of security log analysis is to detect an incident and generate an adequate response in order to mitigate the losses. An enormous problem that often occurs in practice lies in determining which events must be recorded in the security log. Moreover, there is no general methodology that would help with this crucial problem, and therefore security systems are often implemented incorrectly due to the lack of a correct specification of events. In this article, we propose our own methodology that can be utilized to identify the required security events. Our approach is based on the theoretical risk assessments provided by NIST (National Institute of Standards and Technology) and on the more practical information provided by OWASP (Open Web Application Security Project). We have proven the functionality of the methodology by applying it in practice to a VPN (Virtual Private Network) connection utilizing the IPsec protocol, during research conducted for the National Security Authority of the Czech Republic. However, this article focuses in particular on the theoretical principle of the method. We believe that the proposed methodology is sufficiently universal to be utilized on various types of systems.
Keywords
Events, correlation, log, security, SIEM.
Authors
MARTINÁSEK, Z.; BLAŽEK, P.; ŠILHAVÝ, P.; SMÉKAL, D.
Published
8. 11. 2017
Place
Munich, Germany
ISBN
978-1-5386-3434-9
Book
2017 9th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT)
Pages from
294
Pages to
298
Page count
5
URL
https://ieeexplore.ieee.org/document/8255194
BibTeX
@inproceedings{BUT141213,
  author    = "Zdeněk {Martinásek} and Petr {Blažek} and Pavel {Šilhavý} and David {Smékal}",
  title     = "Methodology for Correlations Discovery in Security Logs",
  booktitle = "2017 9th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT)",
  year      = "2017",
  pages     = "294--298",
  address   = "Mnichov, Německo",
  doi       = "10.1109/ICUMT.2017.8255194",
  isbn      = "978-1-5386-3434-9",
  url       = "https://ieeexplore.ieee.org/document/8255194"
}