Observatorio de I+D+i UPM

Research reports
Communications at congresses:
A Scalable SIEM Correlation Engine and Its Application to the Olympic Games IT Infrastructure
Year: 2013
Research Areas
  • Information technology and data processing
Information
Abstract
The security event correlation scalability has become a major concern for security analysts and IT administrators when considering complex IT infrastructures that need to handle gargantuan amounts of events or wide correlation window spans. The current correlation capabilities of Security Information and Event Management (SIEM), based on a single node in centralized servers, have proved to be insufficient to process large event streams. This paper introduces a step forward in the current state of the art to address the aforementioned problems. The proposed model takes into account the two main aspects of this field: distributed correlation and query parallelization. We present a case study of a multiple-step attack on the Olympic Games IT infrastructure to illustrate the applicability of our approach.
International
Yes
Congress
Eighth International Conference on Availability, Reliability and Security (ARES), 2013
960
Place
Reviewers
Yes
ISBN/ISSN
978-0-7695-5008-4
10.1109/ARES.2013.82
Start Date
02/09/2013
End Date
06/09/2013
From page
625
To page
629
2013 International Conference on Availability, Reliability and Security
Participants
  • Author: Ricardo Jimenez Peris (UPM)
  • Author: Marta Patiño Martinez (UPM)
  • Participant: Torres Ruben
  • Author: Diaz Rodrigo
  • Author: Prieto Elsa
Related Research Groups, Departments and Institutes
  • Creator: Research Group: Laboratorio de sistemas distribuidos (LSD)