A scalable SIEM correlation engine and its application to the Olympic Games IT infrastructure

Vianello, Valerio and Gulisano, Vincenzo Massimiliano and Jiménez-Peris, Ricardo and Patiño-Martínez, Marta (2013). A scalable SIEM correlation engine and its application to the Olympic Games IT infrastructure. In: "Eighth International Conference on Availability, Reliability and Security", 02-06 Sept 2013, Regensburg, Germany. pp. 625-629. https://doi.org/10.1109/ARES.2013.82.

Description

Title: A scalable SIEM correlation engine and its application to the Olympic Games IT infrastructure
Author/s:
  • Vianello, Valerio
  • Gulisano, Vincenzo Massimiliano
  • Jiménez-Peris, Ricardo
  • Patiño-Martínez, Marta
Item Type: Presentation at Congress or Conference (Article)
Event Title: Eighth International Conference on Availability, Reliability and Security
Event Dates: 02-06 Sept 2013
Event Location: Regensburg, Germany
Title of Book: Eighth International Conference on Availability, Reliability and Security (ARES), 2013
Date: 2013
Subjects:
Freetext Keywords: SIEM - CEP - Complex Event Processing - Scalability Olympic Games
Faculty: Facultad de Informática (UPM)
Department: Lenguajes y Sistemas Informáticos e Ingeniería del Software
Creative Commons Licenses: Recognition - No derivative works - Non commercial

Abstract

The scalability of security event correlation has become a major concern for security analysts and IT administrators when considering complex IT infrastructures that need to handle gargantuan amounts of events or wide correlation window spans. The current correlation capabilities of Security Information and Event Management (SIEM) systems, based on a single node in centralized servers, have proved insufficient to process large event streams. This paper introduces a step forward in the current state of the art to address the aforementioned problems. The proposed model takes into account the two main aspects of this field: distributed correlation and query parallelization. We present a case study of a multiple-step attack on the Olympic Games IT infrastructure to illustrate the applicability of our approach.

Funding Projects

Type                       | Code           | Acronym     | Leader      | Title
FP7                        | 257495         | MASSIF      | Unspecified | MAnagement of Security information and events in Service InFrastructures
Madrid Regional Government | S2009/TIC-1692 | Unspecified | Unspecified | Unspecified

More information

Item ID: 25918
DC Identifier: http://oa.upm.es/25918/
OAI Identifier: oai:oa.upm.es:25918
DOI: 10.1109/ARES.2013.82
Official URL: http://www.ares-conference.eu/ares2013/www.ares-conference.eu/conf/index.html
Deposited by: Memoria Investigacion
Deposited on: 10 Jun 2014 07:36
Last Modified: 04 Dec 2017 11:05