Mobile agent-based SIEM for event collection and normalization externalization. (25th September 2019)
- Record Type:
- Journal Article
- Title:
- Mobile agent-based SIEM for event collection and normalization externalization. (25th September 2019)
- Main Title:
- Mobile agent-based SIEM for event collection and normalization externalization
- Authors:
- Moukafih, Nabil
Orhanou, Ghizlane
Elhajji, Said
- Abstract:
- Purpose: This paper aims to propose a mobile agent-based security information and event management architecture (MA-SIEM) that uses mobile agents for near real-time event collection and normalization on the source device. The externalization of the normalization process, executed by several distributed mobile agents on interconnected computers and devices, leaves a SIEM server dedicated mainly to correlation and analysis. Design/methodology/approach: The architecture has been proposed in three stages. In the first step, the authors described the different aspects of the proposed approach. Then they implemented the proposed architecture and presented a new vision for the insertion of normalized data into the SIEM database. Finally, the authors performed a numerical comparison between the approach used in the proposed architecture and that of existing SIEM systems. Findings: The results of the experiments showed that MA-SIEM systems are more efficient than existing SIEM systems because they leave the SIEM resources primarily dedicated to advanced correlation analysis. In addition, this paper takes into account realistic scenarios and use-cases and proposes a fully automated process for transferring normalized events in near real time to the SIEM server for further analysis using mobile agents. Originality/value: The work provides new insights into the normalization of security-related events using light mobile agents.
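The split the abstract describes (agents normalize raw events into a common schema on the source device; the central server only correlates) can be sketched in a few dozen lines. The following is an added illustration written for this record, not code from the paper or from the authors' MA-SIEM implementation; the log lines, the field names of the normalized schema (`ts`, `host`, `category`, `outcome`, `user`, `src_ip`) and the brute-force correlation rule are all constructed assumptions chosen to show the division of labour, not anything the paper specifies.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample input (not from the paper): two source formats that a
# per-host agent would see, plus one line the agent has no parser for.
SAMPLE_LINES = [
    "2020-01-10T10:00:01Z host-a sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50022 ssh2",
    "2020-01-10T10:00:03Z host-a sshd[1201]: Failed password for root from 203.0.113.7 port 50023 ssh2",
    "2020-01-10T10:00:05Z host-b sshd[2210]: Accepted publickey for deploy from 198.51.100.4 port 41000 ssh2",
    "2020-01-10T10:00:06Z fw-1 fw: action=deny src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2020-01-10T10:00:09Z host-a sshd[1201]: Failed password for root from 203.0.113.7 port 50024 ssh2",
    "2020-01-10T10:00:10Z host-c cron[99]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Parsers for the two assumed source formats (hypothetical firewall syntax).
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) fw: action=(?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def _ts(raw):
    # ISO-8601 UTC timestamps are assumed; a real agent would handle local time.
    return datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(line):
    """Agent-side step: map one raw line onto the common schema, or None if
    no parser matches. Only normalized records are shipped to the server."""
    m = SSHD_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "host": m["host"], "category": "auth",
                "outcome": "failure" if m["outcome"] == "Failed" else "success",
                "user": m["user"], "src_ip": m["src"]}
    m = FW_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "host": m["host"], "category": "network",
                "outcome": "failure" if m["action"] == "deny" else "success",
                "user": None, "src_ip": m["src"]}
    return None


def agent_batch(lines):
    """Run the agent over a batch; return (normalized events, dropped count).
    The dropped count is the caveat of source-side normalization: anything
    without a parser never reaches the correlation engine, so it must be
    reported, not silently discarded."""
    events, dropped = [], 0
    for line in lines:
        ev = normalize(line)
        if ev is None:
            dropped += 1
        else:
            events.append(ev)
    return events, dropped


def correlate(events, threshold=3, window_seconds=60):
    """Server-side step: with parsing already done, the server only runs rules.
    Here: flag a source IP with >= threshold auth failures in a sliding window."""
    recent = defaultdict(deque)
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["category"] != "auth" or ev["outcome"] != "failure":
            continue
        q = recent[ev["src_ip"]]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ev["src_ip"] not in alerted:
            alerted.add(ev["src_ip"])
            alerts.append({"src_ip": ev["src_ip"], "failures": len(q), "last_seen": ev["ts"]})
    return alerts


if __name__ == "__main__":
    evs, dropped = agent_batch(SAMPLE_LINES)
    print(f"{len(evs)} normalized, {dropped} dropped at the agent")
    for a in correlate(evs):
        print("ALERT", a)
```

Parsing cost lands on the agent, while `correlate` sees only typed fields and never touches a regex, which is the resource split the abstract argues for; the `dropped` counter is the check a practitioner would add so that coverage gaps in the agent's parsers are visible at the server.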
- Is Part Of:
- Information and computer security. Volume 28:Number 1(2020)
- Journal:
- Information and computer security
- Issue:
- Volume 28:Number 1(2020)
- Issue Display:
- Volume 28, Issue 1 (2020)
- Year:
- 2020
- Volume:
- 28
- Issue:
- 1
- Issue Sort Value:
- 2020-0028-0001-0000
- Page Start:
- 15
- Page End:
- 34
- Publication Date:
- 2019-09-25
- Subjects:
- Data collection -- Log normalization -- Mobile agent -- SIEM
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-01-2019-0008
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 22159.xml