Towards an Enhanced Security Data Analytic Platform

Gustavo Gonzalez-Granadillo, Susana Gonzalez-Zarzosa, Mario Faiella

Abstract

We present in this paper a Cross-Layer Security Information and Event Management tool (hereinafter denoted as XL-SIEM) as an enhanced security data analytics platform with an added high-performance correlation engine able to raise alarms from a business perspective by considering events collected at different layers. The platform is composed of a set of distributed agents, responsible for event collection, normalization and transfer of data; an engine, responsible for the filtering, aggregation and correlation of the events collected by the agents, as well as for the generation of alarms; a database, responsible for data storage; and a dashboard, responsible for data visualization in the web graphical interface. The proposed platform has been deployed on top of the open-source SIEM OSSIM (AlienVault) and provides enhanced features compared to current open-source solutions, in particular with respect to data sources, correlation engine, visualization and reaction capabilities. A testbed implementation is described to show the integration and applicability of the tool over a security infrastructure.
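The abstract describes a four-stage pipeline (collect and normalize at the agents; filter, aggregate and correlate in the engine; raise an alarm). The following is an added illustration of that pipeline, not code from the XL-SIEM paper or from OSSIM: three constructed log sources (a network IDS, a host syslog and a web application) are normalized into one event schema, low-value events are filtered out, events are aggregated per source address inside a sliding window, and a cross-layer rule raises a single business-level alarm when reconnaissance, brute-force failures and a subsequent successful login all come from the same address. The log formats, the rule thresholds and the alarm fields are assumptions chosen for the example.

```python
"""Minimal cross-layer SIEM pipeline: collect -> normalize -> filter -> aggregate -> correlate.

Added example; not code from the XL-SIEM paper or from OSSIM. The log formats,
rule thresholds and alarm schema below are assumptions made for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, tagged with the layer (agent) that collected them.
RAW_EVENTS = [
    ("ids",  "2018-06-01T10:00:05 alert portscan src=203.0.113.7 dst=10.0.0.5"),
    ("ids",  "2018-06-01T10:00:06 alert portscan src=203.0.113.7 dst=10.0.0.6"),
    ("host", "2018-06-01T10:01:10 sshd[2211]: Failed password for alice from 203.0.113.7"),
    ("host", "2018-06-01T10:01:12 sshd[2211]: Failed password for alice from 203.0.113.7"),
    ("host", "2018-06-01T10:01:14 sshd[2211]: Failed password for alice from 203.0.113.7"),
    ("app",  "2018-06-01T10:02:30 login user=alice result=success ip=203.0.113.7"),
    ("app",  "2018-06-01T10:02:45 login user=bob result=success ip=198.51.100.9"),
    ("host", "2018-06-01T10:03:00 cron[77]: session opened for user root"),
]

# Agent side: one parser per data source, all emitting the same event schema
# {ts, layer, src, user, type}. Assumed formats, not real product output.
_PATTERNS = {
    "ids":  re.compile(r"^(?P<ts>\S+) alert (?P<sig>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)$"),
    "host": re.compile(r"^(?P<ts>\S+) (?P<proc>\w+)\[\d+\]: (?P<msg>.*)$"),
    "app":  re.compile(r"^(?P<ts>\S+) login user=(?P<user>\w+) result=(?P<res>\w+) ip=(?P<src>[\d.]+)$"),
}
_SSH_FAIL = re.compile(r"Failed password for (\w+) from ([\d.]+)")


def normalize(layer, line):
    """Turn a raw log line into the common event schema; None if it does not parse."""
    m = _PATTERNS[layer].match(line)
    if not m:
        return None
    d = m.groupdict()
    ev = {"ts": datetime.fromisoformat(d["ts"]), "layer": layer,
          "src": d.get("src"), "user": d.get("user")}
    if layer == "ids":
        ev["type"] = d["sig"]                       # e.g. "portscan"
    elif layer == "host":
        fail = _SSH_FAIL.match(d["msg"])
        if fail:
            ev["type"], ev["user"], ev["src"] = "auth_fail", fail.group(1), fail.group(2)
        else:
            ev["type"] = "host_other"               # informational; dropped by the filter
    else:
        ev["type"] = "auth_success" if d["res"] == "success" else "auth_fail"
    return ev


# Engine side: a cross-layer rule. Minimum counts per event type that must all be
# seen from one source address within WINDOW before a successful login.
RULE = {"portscan": 1, "auth_fail": 3, "auth_success": 1}
WINDOW = timedelta(minutes=10)


def correlate(events):
    """Aggregate per source address and raise one alarm per matching login."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["src"]:
            by_src[ev["src"]].append(ev)
    alarms = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        # Each successful login is a candidate trigger; look back WINDOW from it.
        for trigger in (e for e in evs if e["type"] == "auth_success"):
            window = [e for e in evs if trigger["ts"] - WINDOW <= e["ts"] <= trigger["ts"]]
            counts = defaultdict(int)
            for e in window:
                counts[e["type"]] += 1
            if all(counts[t] >= n for t, n in RULE.items()):
                alarms.append({
                    "name": "Account compromise after reconnaissance",
                    "src": src,
                    "user": trigger["user"],
                    "ts": trigger["ts"],
                    "layers": sorted({e["layer"] for e in window}),
                    "evidence": {t: counts[t] for t in RULE},
                })
    return alarms


def run_pipeline(raw=RAW_EVENTS):
    """collect -> normalize -> filter -> correlate, returning the alarms raised."""
    events = [normalize(layer, line) for layer, line in raw]
    events = [e for e in events if e and e["type"] != "host_other"]   # filter stage
    return correlate(events)


if __name__ == "__main__":
    for alarm in run_pipeline():
        print(alarm)
```

Running the block raises exactly one alarm, for `alice` from `203.0.113.7`, citing evidence from all three layers; the successful login of `bob` from another address is never escalated because neither the scan nor the failures are attributable to his source. The look-back from each successful login is what makes the rule cross-layer rather than a per-source threshold: an IDS-only port scan or a host-only burst of failures stays an event, and only their combination with the application-layer login becomes an alarm.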

Paper Citation


in Harvard Style

Gonzalez-Granadillo G., Gonzalez-Zarzosa S. and Faiella M. (2018). Towards an Enhanced Security Data Analytic Platform. In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT, ISBN 978-989-758-319-3, pages 453-458. DOI: 10.5220/0006831104530458


in Bibtex Style

@conference{secrypt18,
author={Gustavo Gonzalez-Granadillo and Susana Gonzalez-Zarzosa and Mario Faiella},
title={Towards an Enhanced Security Data Analytic Platform},
booktitle={Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT},
year={2018},
pages={453-458},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006831104530458},
isbn={978-989-758-319-3},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT
TI - Towards an Enhanced Security Data Analytic Platform
SN - 978-989-758-319-3
AU - Gonzalez-Granadillo G.
AU - Gonzalez-Zarzosa S.
AU - Faiella M.
PY - 2018
SP - 453
EP - 458
DO - 10.5220/0006831104530458