• DocumentCode
    251766
  • Title
    Filtering Security Alerts for the Analysis of a Production SaaS Cloud
  • Author
    Pecchia, Antonio ; Cotroneo, Domenico ; Ganesan, Rajeshwari ; Sarkar, Santonu
  • Author_Institution
    Dipt. di Ing. Elettr. e delle Tecnol. dell'Inf., Univ. degli Studi di Napoli Federico II, Naples, Italy
  • fYear
    2014
  • fDate
    8-11 Dec. 2014
  • Firstpage
    233
  • Lastpage
    241
  • Abstract
    Security alerts collected under real workload conditions represent a goldmine of information for protecting the integrity and confidentiality of a production Cloud. Nevertheless, the volume of runtime alerts overwhelms operations teams and makes forensics hard and time consuming. This paper investigates the use of different text weighting schemes to filter an average volume of 1,000 alerts/day produced by a security information and event management (SIEM) tool in a production SaaS Cloud. As a result, a filtering approach based on the log.entropy weighting scheme has been developed to pinpoint relevant information across the volume of daily textual alerts. The proposed filter is valuable for supporting the operations team and allowed the identification of real incidents that affected several nodes and required manual response.
  • Keywords
    cloud computing; data privacy; SIEM tool; entropy scheme; filtering approach; production SaaS cloud; production cloud confidentiality; production cloud integrity; security alert; security information and event management; text weighting scheme; Business; Entropy; Monitoring; Principal component analysis; Production; Security; Switches; Cloud; SaaS; filtering; security; text weighting;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Utility and Cloud Computing (UCC), 2014 IEEE/ACM 7th International Conference on
  • Conference_Location
    London
  • Type
    conf
  • DOI
    10.1109/UCC.2014.32
  • Filename
    7027499