DocumentCode
153744
Title
Using Security Logs for Collecting and Reporting Technical Security Metrics
Author
Vaarandi, Risto ; Pihelgas, Mauno
Author_Institution
NATO Cooperative Cyber Defence Centre of Excellence Tallinn, Tallinn, Estonia
fYear
2014
fDate
6-8 Oct. 2014
Firstpage
294
Lastpage
299
Abstract
During recent years, establishing proper metrics for measuring system security has received increasing attention. Security logs contain vast amounts of information which are essential for creating many security metrics. Unfortunately, security logs are known to be very large, making their analysis a difficult task. Furthermore, recent security metrics research has focused on generic concepts, and the issue of collecting security metrics with log analysis methods has not been well studied. In this paper, we will first focus on using log analysis techniques for collecting technical security metrics from security logs of common types (e.g., Network IDS alarm logs, workstation logs, and NetFlow data sets). We will also describe a production framework for collecting and reporting technical security metrics which is based on novel open-source technologies for big data.
Keywords
Big Data; computer network security; big data; log analysis methods; log analysis techniques; open source technology; security logs; technical security metric collection; technical security metric reporting; Correlation; Internet; Measurement; Monitoring; Peer-to-peer computing; Security; Workstations; security log analysis; security metrics;
fLanguage
English
Publisher
ieee
Conference_Titel
Military Communications Conference (MILCOM), 2014 IEEE
Conference_Location
Baltimore, MD
Type
conf
DOI
10.1109/MILCOM.2014.53
Filename
6956774