A novel kill-chain framework for remote security log analysis with SIEM software. Issue 67 (June 2017)
- Record Type:
- Journal Article
- Title:
- A novel kill-chain framework for remote security log analysis with SIEM software. Issue 67 (June 2017)
- Main Title:
- A novel kill-chain framework for remote security log analysis with SIEM software
- Authors:
- Bryant, Blake D.
- Saiedian, Hossein
- Abstract:
- Network security investigations pose many challenges to security analysts attempting to identify the root cause of security alarms or incidents. Analysts are often presented with cases where either incomplete information is present, or an overwhelming amount of information is presented in a disorganized manner. Either scenario greatly impacts the ability of incident responders to properly identify and react to security incidents when they occur. The framework presented in this paper draws upon previous research pertaining to cyber threat modeling with kill-chains, as well as the practical application of threat modeling to forensics. Modifications were made to conventional kill-chain models to facilitate logical data aggregation within a relational database collecting data across disparate remote sensors, resulting in more detailed alarms to security analysts. The framework developed in this paper proved effective in identifying the relationship of security alarms along a continuum of expected behaviors conducive to executing security investigations in a methodical manner. This framework effectively addressed incomplete or inadequate alarm information through aggregation, and provided a methodology for organizing related data and conducting standard investigations. Both improvements proved instrumental in the effective identification of security threats in a more expeditious manner.
- Is Part Of:
- Computers & security. Issue 67(2017)
- Journal:
- Computers & security
- Issue:
- Issue 67(2017)
- Issue Display:
- Volume 67, Issue 67 (2017)
- Year:
- 2017
- Volume:
- 67
- Issue:
- 67
- Issue Sort Value:
- 2017-0067-0067-0000
- Page Start:
- 198
- Page End:
- 210
- Publication Date:
- 2017-06
- Subjects:
- Kill-chains -- Cyber ontology -- Cyber forensics -- Computer security -- Remote logging -- SIEM -- Intrusion detection alerts -- Operating system audit logs
- Computer security -- Periodicals
- Electronic data processing departments -- Security measures -- Periodicals
- 005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
- http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2017.03.003
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
- British Library DSC - BLDSS-3PM
- British Library HMNTS - ELD Digital store
- Ingest File:
- 1901.xml