2011
DOI: 10.1177/1548512911399303

Design and Analysis of a Dynamically Configured Log-based Distributed Security Event Detection Methodology

Abstract: Military and defense organizations rely upon the security of data stored in, and communicated through, their cyber infrastructure to fulfill their mission objectives. It is essential to identify threats to the cyber infrastructure in a timely manner, so that mission risks can be recognized and mitigated. Centralized event logging and correlation is a proven method for identifying threats to cyber resources. However, centralized event logging is inflexible and does not scale well, because it consumes excessive …
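The contrast the abstract draws, between a central correlator that must receive every log line and detectors that run on each host under a configuration pushed from the centre and forward only their results, is illustrated below in Python. This is an added example, not code from the paper; the syslog-like line format, the failed-login rule, its thresholds and the host names and addresses are assumptions made for the illustration.

```python
"""Centralized vs. dynamically configured distributed log-based detection.

Added illustration (not the paper's code).  Compares shipping every log line
to one correlator against running a detection rule on each host with a
pushed configuration and forwarding only alerts.  Log format, rule and
thresholds are assumptions for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
import re

# Constructed sample log lines: "<host> <HH:MM:SS> <message>", invented hosts
# and RFC 5737 documentation addresses.
SAMPLE_LOGS = [
    "hostA 10:00:01 sshd: Failed password for root from 203.0.113.5",
    "hostA 10:00:02 sshd: Failed password for root from 203.0.113.5",
    "hostA 10:00:03 sshd: Failed password for root from 203.0.113.5",
    "hostA 10:00:09 sshd: Accepted password for alice from 198.51.100.7",
    "hostB 10:00:04 sshd: Failed password for admin from 203.0.113.5",
    "hostB 10:00:05 sshd: Failed password for admin from 203.0.113.5",
    "hostB 10:00:40 cron: job finished",
    "hostC 10:00:06 sshd: Failed password for bob from 198.51.100.9",
    "hostC 10:00:50 sshd: Accepted password for bob from 198.51.100.9",
]

LINE_RE = re.compile(r"^(?P<host>\S+) (?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) (?P<msg>.*)$")
FAIL_RE = re.compile(r"Failed password for \S+ from (?P<src>\S+)")


@dataclass(frozen=True)
class Alert:
    host: str   # host on which the rule fired
    src: str    # source address of the failed logins
    count: int  # failures seen inside the best window


def parse(line):
    """Return (host, seconds_since_midnight, message), or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
    return m["host"], secs, m["msg"]


def detect(events, threshold, window):
    """Rule (assumed): >= threshold failed logins from one source against one
    host within `window` seconds.  Sliding window over sorted timestamps;
    one alert per (host, source) pair carrying the densest window's count."""
    fails = defaultdict(list)
    for host, secs, msg in events:
        m = FAIL_RE.search(msg)
        if m:
            fails[(host, m["src"])].append(secs)
    alerts = []
    for (host, src), times in fails.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append(Alert(host, src, best))
    return alerts


def centralized(lines, threshold=3, window=10):
    """Centralized model: every parseable line is shipped; the rule runs centrally."""
    events = [e for e in map(parse, lines) if e]
    return {"shipped": len(events), "alerts": detect(events, threshold, window)}


def distributed(lines, config):
    """Distributed model: each host's agent applies the pushed `config` to its
    own log and forwards only the resulting alerts.  Changing `config` is the
    dynamic reconfiguration; no log lines leave the host."""
    by_host = defaultdict(list)
    for event in filter(None, map(parse, lines)):
        by_host[event[0]].append(event)
    forwarded = []
    for events in by_host.values():
        forwarded.extend(detect(events, config["threshold"], config["window"]))
    return {"shipped": len(forwarded), "alerts": forwarded}


def cross_host(alerts, min_hosts=2):
    """Central correlation over forwarded alerts: sources seen on several hosts."""
    hosts = defaultdict(set)
    for a in alerts:
        hosts[a.src].add(a.host)
    return sorted(src for src, hs in hosts.items() if len(hs) >= min_hosts)


if __name__ == "__main__":
    print("centralized:", centralized(SAMPLE_LOGS))
    strict = distributed(SAMPLE_LOGS, {"threshold": 3, "window": 10})
    print("distributed (threshold 3):", strict, cross_host(strict["alerts"]))
    relaxed = distributed(SAMPLE_LOGS, {"threshold": 2, "window": 10})
    print("distributed (threshold 2):", relaxed, cross_host(relaxed["alerts"]))
```

With the same rule both models raise the same alert, but the centralized model ships all nine lines while the distributed agents forward one alert; lowering the pushed threshold to 2 surfaces hostB as well, and the central correlator can then see one source hitting two hosts, something no single agent can observe on its own.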

Cited by 11 publications (10 citation statements)
References 19 publications

Citation statements:
“…To solve this problem, various analytical methods have been proposed to analyze logs [24]. Log analytics methods include both high level approaches, such as anomaly detection [25] [26], text analytics [27], dynamic rule creation [28], and event correlation [24], to the application of specific algorithms such as support vector machines [29], random forests [30], principal component analysis (PCA) and factor analysis (FA) [3]. However, analytics by themselves can be brittle.…”
Section: Cyber Forensics Analytics (citation type: mentioning; confidence: 99%)
“…In a military and defense context, Grimaila et al. [19] also propose a distributed approach to security event correlation in order to "identify potential threats in a timely manner". Rieke and Stoynova [20] present a blueprint of an architecture for predictive security analysis that uses process models in extension to security policies and models.…”
Section: Related Work (citation type: mentioning; confidence: 99%)
“…Related research, cf. Lazarevic et al. [18], Denning [19], García-Teodoro et al. [20], Grimaila et al. [21], Moore et al. [22], Dube et al. [23], Shilland [24], Shen et al. [25], Stewart et al. [26], has focused on anomaly detection at the device/software level, with little [21, 27-32] exploration into anomaly detection in the log files generated from the preexisting devices or software.…”
Section: Introduction (citation type: mentioning; confidence: 99%)