Challenges and Directions in Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) is the state of the practice for handling heterogeneous data sources in security analysis. This paper presents challenges and directions in SIEM in the context of a real-life mission-critical system developed by a leading company in the Air Traffic Control domain. The system emits massive volumes of highly unstructured text logs. We present the challenges of addressing such logs, ongoing work on the integration of an open source SIEM, and directions in modeling system behavioral baselines for inferring indicators of compromise. Our exploratory analysis paves the way for data discovery approaches that aim to complement current SIEM practice.
