A Case Study on Converged Security with Event Correlation of Physical and Information Security

Today's security initiatives encourage the incorporation of physical security and information security into a single converged security function, for greater effectiveness and capability. However, efforts at converging security have largely been limited to questions of organizational structure, that is, streamlining processes and abstract frameworks for security management. For converged security to be more than a buzzword, the convergence must deliver concrete technical benefits. In this work we consider event correlation, which examines associations between events originating in these two distinct domains, as a tangible step towards convergence: correlating physical events with information-security events provides greater capability for preventing unauthorized access to high-security computers. For this purpose we introduce an approach based on event categorization, which maps physical events onto a finite number of classes (five) instead of treating each event type individually, keeping the rule base tractable, and we show how correlation rules can be defined over these categories. In addition, we present a prototype system that integrates two typical physical security entities, a door/gate access-control system and a video surveillance system, with the information-security side. The exploration presented in this paper is intended to guide future development of a diverse range of converged security functions.
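As an added example, not code from the paper or its prototype, the following Python sketch shows what a category-based correlator of the kind the abstract describes looks like in practice. The abstract does not name the five physical-event categories, so the set used here (ENTRY, EXIT, DENIED, TAMPER, PRESENCE), the two correlation rules, the host-to-zone mapping and all sample events are assumptions constructed for illustration. The rules flag a console login on a zoned high-security host when the badge log does not show that user inside the zone, and when a tamper event (forced or held door, tailgating) preceded the login.

```python
"""Added example (not from the paper): a minimal rule-based correlator that
joins physical access-control / camera events with host login events to flag
console sessions on high-security machines that no physical entry explains."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set

# Assumed category set: the abstract says physical events are mapped to five
# classes but does not name them, so these five are an illustrative choice.
CATEGORY_OF: Dict[str, str] = {
    "badge_granted": "ENTRY",
    "badge_exit": "EXIT",
    "badge_denied": "DENIED",
    "door_forced": "TAMPER",
    "door_held_open": "TAMPER",
    "camera_tailgate": "TAMPER",
    "camera_motion": "PRESENCE",
}


@dataclass
class PhysicalEvent:
    ts: datetime
    zone: str                      # zone protected by the door/camera
    kind: str                      # raw event type as the device reports it
    subject: Optional[str] = None  # badge holder; None for camera events

    @property
    def category(self) -> str:
        # Device types not in the map are treated as generic presence
        return CATEGORY_OF.get(self.kind, "PRESENCE")


@dataclass
class LoginEvent:
    ts: datetime
    host: str
    user: str
    source: str  # "console" for a local session, otherwise remote address


@dataclass
class Alert:
    rule: str
    ts: datetime
    host: str
    user: str
    detail: str


def occupants(physical: List[PhysicalEvent], zone: str, until: datetime) -> Set[str]:
    """Replay ENTRY/EXIT events to find who the badge log says is in the zone."""
    inside: Set[str] = set()
    for p in sorted(physical, key=lambda e: e.ts):
        if p.zone != zone or p.ts > until or p.subject is None:
            continue
        if p.category == "ENTRY":
            inside.add(p.subject)
        elif p.category == "EXIT":
            inside.discard(p.subject)
    return inside


def correlate(physical, logins, host_zone, window=timedelta(minutes=10)):
    """Apply two correlation rules to every console login on a zoned host."""
    alerts: List[Alert] = []
    for login in sorted(logins, key=lambda e: e.ts):
        zone = host_zone.get(login.host)
        if zone is None or login.source != "console":
            continue  # remote sessions would need a different rule set
        recent = [p for p in physical
                  if p.zone == zone and login.ts - window <= p.ts <= login.ts]
        # Rule 1: a console session requires the user to be badged into the zone.
        if login.user not in occupants(physical, zone, login.ts):
            seen = any(p.category == "PRESENCE" for p in recent)
            detail = ("camera saw an unidentified person in the zone" if seen
                      else "no physical activity recorded in the zone")
            alerts.append(Alert("console-without-entry", login.ts, login.host, login.user, detail))
        # Rule 2: any tamper (forced/held door, tailgating) shortly before the login.
        tampers = [p for p in recent if p.category == "TAMPER"]
        if tampers:
            detail = "preceded by " + ", ".join(p.kind for p in tampers)
            alerts.append(Alert("console-after-tamper", login.ts, login.host, login.user, detail))
    return alerts


def demo() -> List[Alert]:
    """Constructed sample data: one server room and one host inside it."""
    def t(h, m):
        return datetime(2024, 1, 15, h, m)
    physical = [
        PhysicalEvent(t(8, 55), "server-room", "badge_granted", "alice"),
        PhysicalEvent(t(9, 20), "server-room", "badge_exit", "alice"),
        PhysicalEvent(t(9, 30), "server-room", "door_forced"),
        PhysicalEvent(t(9, 32), "server-room", "camera_motion"),
    ]
    logins = [
        LoginEvent(t(9, 0), "hsm-01", "alice", "console"),    # explained by 8:55 entry
        LoginEvent(t(9, 25), "hsm-01", "alice", "console"),   # alice left at 9:20
        LoginEvent(t(9, 35), "hsm-01", "bob", "console"),     # no entry, forced door
        LoginEvent(t(9, 40), "hsm-01", "alice", "10.0.0.5"),  # remote: out of scope
    ]
    return correlate(physical, logins, {"hsm-01": "server-room"})


if __name__ == "__main__":
    for a in demo():
        print(a.ts.time(), a.rule, a.host, a.user, "-", a.detail)
```

Two design points worth noting. Occupancy is derived by replaying ENTRY/EXIT events rather than by a fixed lookback window, so a long session that began well after the badge-in is not falsely flagged; the window is used only for TAMPER and PRESENCE context. And because rules are written against categories, adding a new device (a different reader vendor, a tailgating analytic) only requires extending the category map, not the rules, which is the tractability argument the abstract makes for categorization.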
