Citation: Ekelhart, Andreas, Kiesling, Elmar, Kurniawan, Kabul. 2018. Taming the logs - Vocabularies for semantic security analysis. Procedia Computer Science. 137, 109-119.



Abstract

Due to the growing complexity of information systems and the increasing prevalence and sophistication of threats, security management has become an enormously challenging task. To identify suspicious activities, security analysts need to monitor their systems constantly, which involves coping with high volumes of heterogeneous log data from various sources. Processes to aggregate these disparate logs and trigger alerts when particular events occur are often automated today. However, these methods are typically based on regular expressions and statistical correlations and do not involve any interpretation of the context in which an event occurred and do not allow for inference or sophisticated rules. Inspection and in-depth analysis of log information to link events from various sources (e.g., firewall, syslog, web server log, database log) and establish causal chains has therefore largely remained a tedious manual search process that scales poorly with a growing number of heterogeneous log sources, log volumes, and the increasing complexity of attacks. In this paper, we make the case for a semantic approach to tackle these challenges. By lifting raw log data and modeling their context, events can be linked to rich background knowledge, integrated based on causal relations, and interpreted in a context-specific manner. This builds a foundation for more comprehensive extraction of the meaning of events from unstructured log messages. Based on the results, we envision a platform to partly automate security monitoring and support analysts in coping with fast evolving threat landscapes, alleviate alert fatigue, improve situational awareness, and expedite incident response.


Publication's profile

Status of publication Published
Affiliation External
Type of publication Journal article
Journal Procedia Computer Science
Language English
Title Taming the logs - Vocabularies for semantic security analysis
Volume 137
Year 2018
Page from 109
Page to 119
Reviewed? Y
URL https://api.elsevier.com/content/article/PII:S1877050918316156?httpAccept=text/xml
DOI http://dx.doi.org/10.1016/j.procs.2018.09.011
Open Access Y
Open Access Link https://reader.elsevier.com/reader/sd/pii/S1877050918316156?token=F584B62936FFF1B938A61889FB50BD504E669BEC06459CF7F8C1C0C882CB55C817FB7D11694222EDA473

Associations

People
Ekelhart, Andreas (Former researcher)
Kiesling, Elmar
Kurniawan, Kabul
Organization
Institute for Data, Process and Knowledge Management (AE Polleres)
Research areas (ÖSTAT Classification 'Statistik Austria')
1109 Information and data processing
1122 Artificial intelligence
1147 IT security
2953 Data security and data privacy