Using Security Logs for Collecting and Reporting Technical Security Metrics

During recent years, establishing proper metrics for measuring system security has received increasing attention. Security logs contain vast amounts of information that is essential for creating many security metrics. Unfortunately, security logs are known to be very large, which makes their analysis a difficult task. Furthermore, recent security metrics research has focused on generic concepts, and the issue of collecting security metrics with log analysis methods has not been well studied. In this paper, we will first focus on using log analysis techniques for collecting technical security metrics from security logs of common types (e.g., network IDS alarm logs, workstation logs, and NetFlow data sets). We will also describe a production framework for collecting and reporting technical security metrics which is based on novel open-source technologies for big data.
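As an added illustration of the abstract's point, and not code from the paper or its framework: a small Python parser that derives a few technical security metrics (alert volume by priority, top signatures, distinct source and target hosts, peak hourly rate, parser coverage) from network IDS alarm logs. The Snort-style "fast" alert format, the sample lines and the metric names are assumptions; the addresses are RFC 5737 documentation ranges.

```python
import re
from collections import Counter

# Constructed sample in Snort "fast" alert format (assumed; not data from the paper); RFC 5737 addresses.
SAMPLE_ALERTS = """\
03/01-10:02:11.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.0.2.10:51234
03/01-10:05:40.000001  [**] [1:1000001:1] LOCAL scan probe [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 198.51.100.7:44321 -> 192.0.2.10:22
03/01-11:15:02.654321  [**] [1:1000001:1] LOCAL scan probe [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 198.51.100.7:44322 -> 192.0.2.11:22
03/01-11:20:00.000000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.0.2.12:51299
03/01-12:01:30.111111  [**] [1:2000002:3] ET POLICY suspicious DNS response [**] [Classification: Misc activity] [Priority: 1] {UDP} 198.51.100.9:53 -> 192.0.2.10:5353
this line is not an alert and must be skipped, not crash the parser
"""

# One regex for the whole line; named groups give the fields the metrics need.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\].*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+$"
)

def parse_alerts(text):
    """Return (parsed alert dicts, number of non-empty lines that did not match the format)."""
    alerts, unparsed = [], 0
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            alerts.append(m.groupdict())
        elif line.strip():
            unparsed += 1  # parser coverage matters: a metric is only as good as its input
    return alerts, unparsed

def alert_metrics(alerts):
    """Technical metrics derived from a batch of IDS alerts."""
    by_prio = Counter(int(a["prio"]) for a in alerts)
    by_sig = Counter(a["msg"] for a in alerts)
    per_hour = Counter(a["ts"][:8] for a in alerts)  # "MM/DD-HH" bucket
    total = len(alerts)
    return {
        "total": total,
        "by_priority": dict(by_prio),
        "top_signatures": by_sig.most_common(3),
        "distinct_sources": len({a["src"] for a in alerts}),
        "distinct_targets": len({a["dst"] for a in alerts}),
        "peak_alerts_per_hour": max(per_hour.values(), default=0),
        "high_priority_share": round(by_prio[1] / total, 3) if total else 0.0,
    }

if __name__ == "__main__":
    parsed, skipped = parse_alerts(SAMPLE_ALERTS)
    print(alert_metrics(parsed), "skipped lines:", skipped)
```

The unparsed-line count is reported alongside the metrics so that a format change in the sensor shows up as a coverage drop rather than as a silent fall in alert volume.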
