Providing SIEM systems with self-adaptation

Suárez-Tangil, Guillermo; Palomar, Esther; Ribagorda, Arturo; Sanz, I.

doi:10.1016/j.inffus.2013.04.009

Cited by 14 publications

(9 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…(2) Other Preprocessing Steps e authors in [15] used neural networks as an event classifier within SIEM systems. e classifier, called CONTEXTUAL, is used with another subsystem called GENIAL based on genetic programming to improve the correlation engine of SIEM systems.…”

Section: Related Workmentioning

confidence: 99%

“…Model Dataset Accuracy (%) El Hajji et al [9] NN with best cost and training function NSL-KDD 81.8 Javaid et al [10] Sparse autoencoder with SMR NSL-KDD 78.06 Gurung et al [11] Sparse autoencoder with LR NSL-KDD 87.2 Yin et al [12] RNN based IDS NSL-KDD 81.29 Chouhan et al [13] CBR-CNN based IDS NSL-KDD 89.41 Maddikunta et al [14] DNN with PCA-GWO Kaggle dataset 99.9 Suarez-Tangil et al [15] NN and GP --Ussath et al [16] RNN and NN -89 Chiba et al [17] NN KDD 99.62 Bhattacharya et al [18] PCA-firefly based XGBoost Kaggle dataset 99.9 Gadekallu et al [19] Naive Bayes Kaggle and CERT-In repositories 99.9…”

Section: Referencementioning

confidence: 99%

See 1 more Smart Citation

Neural Network-Based Voting System with High Capacity and Low Computation for Intrusion Detection in SIEM/IDS Systems

Moukafih

Orhanou

Hajji

2020

Security and Communication Networks

View full text Add to dashboard Cite

Integrating intelligence into intrusion detection tools has received much attention in the last years. The goal is to improve the detection capability within SIEM and IDS systems in order to cope with the increasing number of attacks using sophisticated and complex methods to infiltrate systems. Current SIEM and IDS systems have many processes involved, which work together to collect, analyze, detect, and send notification of failures in real time. Event normalization, for example, requires significant processing power to handle network events. So, adding heavy deep learning models will invoke additional resources for the SIEM or IDS tool. This paper presents a majority system based on reliability approach that combines simple feedforward neural networks, as weak learners, and produces high detection capability with low computation resources. The experimental results show that the model is very suitable for modeling a classification model with high accuracy and that its performance is superior to that of complex resource-intensive deep learning models.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Referencementioning

confidence: 99%

Neural Network-Based Voting System with High Capacity and Low Computation for Intrusion Detection in SIEM/IDS Systems

Moukafih

Orhanou

Hajji

2020

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…We believe that two-tier architecture is more practical and widely deployed for enterprise networks where critical security-related information is collected into an inside server. For example, enterprise networks generally have a centralized log collection system, called enterprise security management (ESM) or security information and event management (SIEM) [4]. As a central coordinator and monitoring agents can be supervised by the same authority, no monitoring information is open to outside.…”

Section: Problem Definitionmentioning

confidence: 99%

Finding Widespread Events with Simple Bitmaps

Naqvi

Yoon

2018

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Finding widespread events in a distributed network is crucial when detecting cyber-attacks or network malfunctions. We propose a new detection scheme for widespread events based on bitmaps that can succinctly record and deliver event information between monitoring agents and a central coordinator. Our proposed scheme reduces communication overhead as well as total number of rounds, and achieves even higher accuracy, compared with the current state of the art.

show abstract

“…The recent work of Suarez-Tangil et al [96] discusses typical problems in the domain of Security Information, addressed with an Event Management paradigm (SIEM) for intrusion detection with self-adaptive systems. Machine learning is applied for rule extraction to classify reported events accordingly to a contextbased pattern definition of attacks.…”

Section: Situation Assessmentmentioning

confidence: 99%

Context-based Information Fusion: A survey and discussion

2015

View full text Add to dashboard Cite

This survey aims to provide a comprehensive status of recent and current research on context-based Information Fusion (IF) systems, tracing back the roots of the original thinking behind the development of the concept of ''context''. It shows how its fortune in the distributed computing world eventually per-meated in the world of IF, discussing the current strategies and techniques, and hinting possible future trends. IF processes can represent context at different levels (structural and physical constraints of the scenario, a priori known operational rules between entities and environment, dynamic relationships modelled to interpret the system output, etc.). In addition to the survey, several novel context exploita-tion dynamics and architectural aspects peculiar to the fusion domain are presented and discussed.

show abstract

Providing SIEM systems with self-adaptation

Cited by 14 publications

References 48 publications

Neural Network-Based Voting System with High Capacity and Low Computation for Intrusion Detection in SIEM/IDS Systems

Neural Network-Based Voting System with High Capacity and Low Computation for Intrusion Detection in SIEM/IDS Systems

Finding Widespread Events with Simple Bitmaps

Context-based Information Fusion: A survey and discussion

Contact Info

Product

Resources

About