2011 44th Hawaii International Conference on System Sciences 2011
DOI: 10.1109/hicss.2011.288
Log-Based Distributed Security Event Detection Using Simple Event Correlator

Cited by 10 publications (8 citation statements); references 5 publications.

“…Cybersecurity attacks are often characterized by unstructured indicators or footprints. Machine learning techniques are proposed [9,10] to automate the detection process. Some indicators have characteristics that lend them to these types of analysis.…”
Section: Analytics and Visualization (mentioning)
confidence: 99%
“…The NIST [9] outlines the principles underlying computer log event management and event correlation to detect anomalous activities on a system. The intelligence includes network packet signatures, intrusion detection signatures, log correlation sequences, firewall pre-sets (network port configurations), and many more [2,4,7,14,15]. Liao et al. [8] discuss how the latest technologies are evolving in adapting to such attacks.…”
Section: The Emergence of the Breach-point Detection Problem (mentioning)
confidence: 99%
“…They provide a taxonomy of modern IDS designs and the methods adopted for detection. Myers et al. [15] present a distributed event correlation system, which performs security event detection, with experimental evaluation, taking into account network bandwidth utilization, detection capability and query efficiency, in comparison with a centralized alternative. They conclude that a distributed processing environment can provide up to a 99% reduction of network syslog traffic, allowing for near real-time detection.…”
Section: Related Work (mentioning)
confidence: 99%
“…According to Myers et al. [80], event correlation is frequently not performed with log analysis due to "difficulties and inadequacies with current technologies". One reason they indicate that organizations have difficulties analyzing security logs is "the sheer volume of data to collect, process and store".…”
Section: Big Heterogeneous Cyberspace Data (mentioning)
confidence: 99%