A BI Solution to Identify Vulnerabilities and Detect Real-Time Cyber-Attacks for an Academic CSIRT

Reyes, Francsico; Fuertes, Walter; Tapia, Freddy; Toulkeridis, Theofilos; Aules, Hernán; Pérez, Ernesto

doi:10.1007/978-3-030-01177-2_82

Cited by 4 publications

(2 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In Russia, Krivo executed a study, whose objective was to provide effective monitoring of security incidents, through a system of key performance indicators (KPIs), which worked with a sample composed of 5,427 incident reports, where the impact of certain measures was tracked through data management tools, concluding that the BI tool allowed to obtain a set of dashboards and a visual-descriptive analysis of a wide data information [17]. In addition, Reyes conducted a study in Ecuador, focused on the process of BI technology, which allowed the reduction of malicious activities in the system, for this the Ralph Kimball method was used, encompassing the ETL and online analytical processing (OLAP) process, also the sample was composed of 54 data obtained in real time, resulting in the BI managed to improve the degree of security of the institutions, through the rapid processing of information [18], which allowed the real-time visualization of incidents that may occur in the network, in order to establish control measures. Finally, in the United States, a study was conducted on government security for the prevention of criminal actions in consumers through the use of technology that helps in the prediction of crimes, taking into account 2,142,865 incidents from 2003-2017 in the United States.…”

Section: Related Workmentioning

confidence: 99%

Impact of business intelligence on incident management in the control center of a security company

Daza,

De la Paz Ttito,

Alarcón Cajas

2024

Bulletin EEI

View full text Add to dashboard Cite

The main objective of this article is to implement business intelligence (BI) technology to improve incident management in the control center of a security company; making use of the Ralph Kimball method for the development of the data mart, contemplating the phases: planning of projects, definition of requirements, design of technological architecture, performing a dimensional modeling a star with 9 dimensions and 1 table made, also used the structured query language (MySQL) database, extract, transform, and load (ETL). Development the pentaho data integration, which allowed the migration, transformation and cleaning of the data from the online transaction processing (OLTP) and online analytical processing (OLAP) database, obtaining as a result that the BI managed to increase the level of the service by 28.42% and reducing the frequency index by 25%.

show abstract

Section: Related Workmentioning

confidence: 99%

Impact of business intelligence on incident management in the control center of a security company

Daza,

De la Paz Ttito,

Alarcón Cajas

2024

Bulletin EEI

View full text Add to dashboard Cite

show abstract

“…The work [18] introduces a system for automated report generation for university CERT teams. However this work does not provide proposals for measures for problem solving.…”

Section: Related Workmentioning

confidence: 99%

NERD: Neural Network for Edict of Risky Data Streams

Passarelli

Cem

Stiemert

et al. 2019

2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC)

View full text Add to dashboard Cite

Cyber incidents can have a wide range of cause from a simple connection loss to an insistent attack. Once a potential cyber security incidents and system failures have been identified, deciding how to proceed is often complex. Especially, if the real cause is not directly in detail determinable. Therefore, we developed the concept of a Cyber Incident Handling Support System. The developed system is enriched with information by multiple sources such as intrusion detection systems and monitoring tools. It uses over twenty key attributes like sync-package ratio to identify potential security incidents and to classify the data into different priority categories. Afterwards, the system uses artificial intelligence to support the further decision-making process and to generate corresponding reports to brief the Board of Directors. Originating from this information, appropriate and detailed suggestions are made regarding the causes and troubleshooting measures. Feedback from users regarding the problem solutions are included into future decision-making by using labelled flow data as input for the learning process. The prototype shows that the decision making can be sustainably improved and the Cyber Incident Handling process becomes much more effective.

show abstract