论文信息 - Improving the Automation of Security Information Management: A Collaborative Approach

Improving the Automation of Security Information Management: A Collaborative Approach

Many preventive security measures purport to protect networks from cyber intrusions. These adopted measures can generate a large amount of information that should be stored and analyzed to enable responses to detected attacks. Security information and event managers (SIEMs) are indispensable for collecting all of a system's security-related information in a central repository. This can then provide trend analysis and lead analysts to adopt appropriate actions. A collaborative work approach lets SIEMs of different trusted domains share alarms and their countermeasures. By sharing alarms and adopted measures in domains with similar profiles, the authors hope to enhance a global view of the security and facilitate decision making for security-domain administrators.

Sergio Alonso | Idoia Aguirre

[1] Julien Bourgeois,et al. A Global Security Architecture for Intrusion Detection on Computer Networks , 2007, 2007 IEEE International Parallel and Distributed Processing Symposium.

[2] Patrick O'Reilly. Computer Security Division 2009 Annual Report , 2010 .

[3] Martin Roesch,et al. Snort - Lightweight Intrusion Detection for Networks , 1999 .

[4] Ramakrishna Thurimella,et al. A Framework for the Application of Association Rule Mining in Large Intrusion Detection Infrastructures , 2006, RAID.

[5] Hiroki Takakura,et al. A Comprehensive Approach to Detect Unknown Attacks Via Intrusion Detection Alerts , 2007, ASIAN.

[6] Kelly M. Kavanagh,et al. Magic Quadrant for Security Information and Event Management , 2011 .

[7] Xiangliang Zhang,et al. Processing of massive audit data streams for real-time anomaly intrusion detection , 2008, Comput. Commun..

[8] Dong Li,et al. Assessing Attack Threat by the Probability of Following Attacks , 2007, 2007 International Conference on Networking, Architecture, and Storage (NAS 2007).

[9] E. Hooper,et al. Intelligent techniques for network sensor information processing in large-scale network infrastructures , 2008, 2008 International Conference on Intelligent Sensors, Sensor Networks and Information Processing.

[10] Rituparna Chaki,et al. Intrusion Detection in Wireless Ad-Hoc Networks , 2014 .