Article Analysis: “Towards a System for Complex Analysis of Security Events in Large-Scale Networks”

Verified

Added on  2022/08/16

|17
|981
|20
Presentation
AI Summary

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Authors: Andrey Sapegin , David Jaeger, Feng Cheng, Christoph
Meinel
ARTICLE ANALYSIS: “TOWARDS A
SYSTEM FOR COMPLEX
ANALYSIS OF
SECURITY EVENTS IN LARGE-
SCALE NETWORKS”

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
1. INTRODUCTION:
Approximately after twenty years of development, current SIEM or
Security Information and Event Management, there are problems with
normalization of the data sources that are heterogeneous in nature.
Further, there are various fake positive warnings and prolonged times
particularly under large-scale networks under huge amounts of different
security events.
The following study deals with the review of the given article that deals
with the present system related to complex assessment regarding
different security events present under large-scale networks.
Document Page
2. BACKGROUND OF THE STUDY:
The SIEM or the innovation of “Security Information and Event
Management” systems is seen to be coming out during late 90s for
regulating and then centralize managing of security of various data flows
under enterprise network.
The article demonstrates the prototypes of SIEM systems combining most
novel type of technologies related to data analysis and processing and
then evaluates detailed concerns.
Document Page
3. CONTRIBUTIONS OF THE PRESET WORK:
There has been every log messages that are found to be coming to the
system has been converted from the heterogeneous origins to a unique
format.
Analysis module of that system has deployed an innovative hybrid
approach towards effective security analytics.
Novel algorithm has been proposed that s helpful for the unsupervised
anomaly findings.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
4. UNDERSTANDING ISSUES WITH CURRENT SIEM
SYSTEMS AND METHODS TO DETECT ANOMALY:
Firstly, heterogeneous kinds of data generates various issues.
Secondly, there are problems regarding Big Data or high data volumes.
Thirdly, most of SIEM systems are on market deploying solely the
signature-based approach originating from the IDSs.
Document Page
5. DISCUSSION ON ANALYTICS OF REAL
EVENT AND MONITORING THE SYSTEM:
Here, the specific system has been supporting an effective collection of
different types of security events originating from various sources.
This involves the GNU/Linux and various hosts of Windows, controller of
domains and additional Log management systems and SIEM.
Document Page
6. ANALYTICAL ABILITIES OF REAMS:
The signatures are implemented prior the persistence of data to
database.
As the normalized logs are there in the database, the anomaly and query-
based analytics are implemented to retrieve much more data from the
information.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7. KDD CUP 1999 DATA AND
REALWINDOWS EVENT DATASET:
The primary data for the research came from a huge multinational
organization.
This comprised of the Windows Events from various Domain Controllers
and ArcSight.
Document Page
8. FINDING AND CATEGORIZATION OF
SUSPICIOUS HAPPENINGS IN THE
INFORMATION:
This can be understood from the following table:
Document Page
9. ANALYZING AND COMPARING EFFICIENCY OF
HYBRID ANOMALY DETECTION:
This can be understood from the following graphs and Tables:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
10. DETECTION PROCESS OF MALICIOUS
ACTIVITY:
The system has applied the hybrid approach using three distinct kinds of
assessments.
Unsupervised anomaly detection
Queries
Signatures
Document Page
11. RECOMMENDATIONS TO USE RANKED
OUTCOMES
Apart from the anomaly detection, the signatures and queries of
information sources for operator of SIEM system apart from standard
method to assess output of anomaly-based module of detection.
Document Page
12. IMPROVEMENT OF PRIOR TASKS:
Implementing negative binomial model
Developing an efficient novel hybrid approach that has been assimilating
the smart vector-space model.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
13. WAYS TO AVOID LONG TIME OF
COMPUTATION:
Smaller cluster and samples are build separately to create the ensemble of
the various SVM models. This lies on the helpful concept vectors of the
different identified clusters.
Here, eight samples from 100,000 events are considered. Moreover, every
body for the phase of training is used, that covers just 6.5% of the overall
dataset.
Nevertheless the aim is never to find every anomalies.
It has intended to the return of utmost types of suspicious activities
originating from data for any operator of the present SIEM system. The
algorithm suggested is largely scalable in nature and can be parallelised
further for gaining greater coverage. This is on the dataset through training
data.
Document Page
14. TESTING OF THE SYSTEM:
The system is tested on real dataset originating from huge multinational organization.
Here, different problems under the data are identified through deploying the three
measures like anomaly detection, queries and signatures. Performance of algorithms
and architecture permitted to assess one hundred sixty million log messages.
It has covered a three month time in few days. As a comparison is made with the
present approaches towards anomaly detection, the suggested Hybrid Anomaly
Detection generates various relevant outcomes.
It never needs to feature the re-processing and working quicker than different other
types of solutions.
Deployment of the algorithm suggested on KDD Cup 1999 data has taken place. This
has also proved the efficiency. Besides, the algorithm has been capable of assessing
any sort of information. This includes the textual fields and also constant numerical
values. This is due to enhanced feature of the discretisation measures.
Document Page
15. CONCLUSION:
In this way, both algorithms and architectures utilized in the SIEM system
prototype has been largely relevant for the analysis of security of Big
Data. It could also be implemented also to huge networks of enterprises.
This is assure that the finding of malicious activities traced under log
measures.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
REFERENCE:
Sapegin, A., Jaeger, D., Cheng, F. and Meinel, C., 2017. Towards a system
for complex analysis of security events in large-scale networks. Computers
& Security, 67, pp.16-34.
1 out of 17
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]