loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Markus Goldstein 1 ; Stefan Asanger 2 ; Matthias Reif 1 and Andrew Hutchison 3

Affiliations: 1 German Research Center for Artificial Intelligence (DFKI), Germany ; 2 University of Cape Town, South Africa ; 3 T-Systems International, South Africa

Keyword(s): Anomaly Detection, Event Management, SIEM, Outlier Detection,Windows Events, User Profiling, Behavior Profiling, Behavioral Analysis.

Related Ontology Subjects/Areas/Topics: Applications ; Economics, Business and Forecasting Applications ; Learning and Adaptive Control ; Pattern Recognition ; Ranking ; Software Engineering

Abstract: Security Information and Event Management (SIEM) systems are today a key component of complex enterprise networks. They usually aggregate and correlate events from different machines and perform a rule-based analysis to detect threats. In this paper we present an enhancement of such systems which makes use of unsupervised anomaly detection algorithms without the need for any prior training of the system. For data acquisition, events are exported from an existing SIEM appliance, parsed, unified and preprocessed to fit the requirements of unsupervised anomaly detection algorithms. Six different algorithms are evaluated qualitatively and finally a global k-NN approach was selected for a practical deployment. The new system was able to detect misconfigurations and gave the security operation center team more insight about processes in the network.

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.227.52.248

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Goldstein, M.; Asanger, S.; Reif, M. and Hutchison, A. (2013). Enhancing Security Event Management Systems with Unsupervised Anomaly Detection. In Proceedings of the 2nd International Conference on Pattern Recognition Applications and Methods - ICPRAM; ISBN 978-989-8565-41-9; ISSN 2184-4313, SciTePress, pages 530-538. DOI: 10.5220/0004230105300538

@conference{icpram13,
author={Markus Goldstein. and Stefan Asanger. and Matthias Reif. and Andrew Hutchison.},
title={Enhancing Security Event Management Systems with Unsupervised Anomaly Detection},
booktitle={Proceedings of the 2nd International Conference on Pattern Recognition Applications and Methods - ICPRAM},
year={2013},
pages={530-538},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004230105300538},
isbn={978-989-8565-41-9},
issn={2184-4313},
}

TY - CONF

JO - Proceedings of the 2nd International Conference on Pattern Recognition Applications and Methods - ICPRAM
TI - Enhancing Security Event Management Systems with Unsupervised Anomaly Detection
SN - 978-989-8565-41-9
IS - 2184-4313
AU - Goldstein, M.
AU - Asanger, S.
AU - Reif, M.
AU - Hutchison, A.
PY - 2013
SP - 530
EP - 538
DO - 10.5220/0004230105300538
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic