Title :
An Experiment with Conceptual Clustering for the Analysis of Security Alerts
Author :
Paudice, Andrea ; Sarkar, Santonu ; Cotroneo, Domenico
Author_Institution :
Dipt. di Ing. Elettr. e delle Tecnol. dell'Inf., Univ. degli Studi di Napoli Federico II, Naples, Italy
Abstract :
In response to attacks against corporate and enterprise networks, administrators deploy intrusion detection systems, monitors, vulnerability scanners and logging systems. These systems monitor and record host and network device activity, searching for signs of anomalies and security incidents. In doing so, they generally produce a huge number of alerts that overwhelms security analysts. This paper proposes the application of a conceptual clustering technique for filtering alerts and shows the results obtained on seven months of security alerts generated in a real large-scale SaaS Cloud system. The technique proved useful in supporting the manual analysis activities conducted by the operations team of the reference Cloud system.
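The abstract names conceptual clustering as the filtering technique but does not describe the paper's algorithm, attribute schema or data. The block below is an added illustration, not the authors' code: a greedy conceptual-clustering pass in which every cluster is defined by the conjunction of attribute values its members share (a concept description in the Michalski sense), run over a handful of constructed alert records, with the resulting partition scored by Gluck and Corter's category utility, the criterion behind COBWEB-style conceptual clustering. The attribute names, the sample alerts and the `min_shared` threshold are all assumptions made for the example.

```python
from collections import Counter

# Attribute schema and sample alerts are constructed for this example; they are
# not the paper's data. Every attribute is categorical, as a SIEM would export it.
ATTRIBUTES = ["source", "signature", "origin", "target", "severity"]

ALERTS = [
    {"source": "ids",  "signature": "ssh_bruteforce", "origin": "external", "target": "bastion", "severity": "medium"},
    {"source": "ids",  "signature": "ssh_bruteforce", "origin": "external", "target": "bastion", "severity": "medium"},
    {"source": "ids",  "signature": "ssh_bruteforce", "origin": "external", "target": "bastion", "severity": "medium"},
    {"source": "ids",  "signature": "ssh_bruteforce", "origin": "external", "target": "bastion", "severity": "medium"},
    {"source": "scan", "signature": "outdated_tls",   "origin": "internal", "target": "web-01",  "severity": "low"},
    {"source": "scan", "signature": "outdated_tls",   "origin": "internal", "target": "web-02",  "severity": "low"},
    {"source": "scan", "signature": "outdated_tls",   "origin": "internal", "target": "web-03",  "severity": "low"},
    {"source": "ids",  "signature": "sql_injection",  "origin": "external", "target": "web-01",  "severity": "high"},
    {"source": "log",  "signature": "root_login",     "origin": "internal", "target": "db-01",   "severity": "high"},
]


def conceptual_clustering(alerts, min_shared=3):
    """Greedy, incremental conceptual clustering.

    Each cluster carries a conjunctive concept: the attribute=value pairs that
    all of its members share. An incoming alert joins the cluster whose concept
    it matches on the most attributes, provided at least `min_shared` attributes
    (an assumed threshold) would still be shared; otherwise it starts a new
    cluster. Assignment is order dependent, as in any incremental scheme.
    """
    clusters = []  # each: {"members": [alert, ...], "concept": {attr: value}}
    for alert in alerts:
        best, best_size = None, -1
        for cl in clusters:
            shared = sum(1 for a, v in cl["concept"].items() if alert[a] == v)
            if shared >= min_shared and shared > best_size:
                best, best_size = cl, shared
        if best is None:
            clusters.append({"members": [alert], "concept": dict(alert)})
        else:
            best["members"].append(alert)
            # Generalise the concept: keep only the pairs the newcomer also has.
            best["concept"] = {a: v for a, v in best["concept"].items() if alert[a] == v}
    return clusters


def sum_sq_probs(records):
    """Sum over attributes and values of P(attribute = value)^2 within `records`."""
    n = len(records)
    return sum((c / n) ** 2
               for a in ATTRIBUTES
               for c in Counter(r[a] for r in records).values())


def category_utility(partition):
    """Gluck and Corter's category utility of a partition (list of member lists):
    mean over clusters C of P(C) * (sum_a,v P(v|C)^2 - sum_a,v P(v)^2).
    A single all-in-one cluster scores 0; higher means the clusters predict
    attribute values better than the unclustered stream does."""
    everything = [r for members in partition for r in members]
    base = sum_sq_probs(everything)
    n = len(everything)
    return sum(len(members) / n * (sum_sq_probs(members) - base)
               for members in partition) / len(partition)


def summarize(clusters):
    """One worklist line per cluster: size, concept description, varying attributes.
    This is the filtering step: repetitive alerts collapse into a single line."""
    lines = []
    for cl in clusters:
        desc = " AND ".join(f"{a}={v}" for a, v in cl["concept"].items())
        varying = [a for a in ATTRIBUTES if a not in cl["concept"]]
        line = f"{len(cl['members'])} alert(s): {desc}"
        if varying:
            line += f"  [varies: {', '.join(varying)}]"
        lines.append(line)
    return lines


if __name__ == "__main__":
    clusters = conceptual_clustering(ALERTS)
    print(f"{len(ALERTS)} alerts -> {len(clusters)} clusters, "
          f"CU = {category_utility([c['members'] for c in clusters]):.3f}")
    for line in summarize(clusters):
        print(line)
```

With the default threshold the nine constructed alerts collapse into four worklist lines: the repeated SSH brute-force alerts and the three TLS scan findings each become one line (the scan line noting that only `target` varies), while the SQL injection and root login alerts stay visible as singletons. Lowering `min_shared` to 2 merges the SQL injection alert into the SSH cluster because they share `source` and `origin`, which is the trade-off an analyst has to tune: coarser concepts filter more but can hide a distinct high-severity event inside a large benign-looking cluster.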
Keywords :
cloud computing; security of data; anomalies; conceptual clustering; corporate networks; enterprise networks; intrusion detection systems; log systems; real large scale SaaS cloud system; security alerts; security incidents; vulnerability scans; Computer architecture; Data analysis; Manuals; Monitoring; Robustness; Security; Training; Cloud; SIEM; clustering; filtering; security;
Conference_Title :
Software Reliability Engineering Workshops (ISSREW), 2014 IEEE International Symposium on
Conference_Location :
Naples
DOI :
10.1109/ISSREW.2014.82