Title :
Filtering Security Alerts for the Analysis of a Production SaaS Cloud
Author :
Pecchia, Antonio ; Cotroneo, Domenico ; Ganesan, Rajeshwari ; Sarkar, Santonu
Author_Institution :
Dipt. di Ing. Elettr. e delle Tecnol. dell'Inf., Univ. degli Studi di Napoli Federico II, Naples, Italy
Abstract :
Security alerts collected under real workload conditions represent a goldmine of information for protecting the integrity and confidentiality of a production Cloud. Nevertheless, the volume of runtime alerts overwhelms operations teams and makes forensics hard and time consuming. This paper investigates the use of different text weighting schemes to filter an average volume of 1,000 alerts/day produced by a security information and event management (SIEM) tool in a production SaaS Cloud. As a result, a filtering approach based on the log.entropy scheme has been developed to pinpoint relevant information within the daily volume of textual alerts. The proposed filter is valuable in supporting operations teams and allowed the identification of real incidents that affected several nodes and required manual response.
Keywords :
cloud computing; data privacy; SIEM tool; entropy scheme; filtering approach; production SaaS cloud; production cloud confidentiality; production cloud integrity; security alert; security information and event management; text weighting scheme; Business; Entropy; Monitoring; Principal component analysis; Production; Security; Switches; Cloud; SaaS; filtering; security; text weighting;
Conference_Titel :
Utility and Cloud Computing (UCC), 2014 IEEE/ACM 7th International Conference on
Conference_Location :
London
DOI :
10.1109/UCC.2014.32