Analysis of Security Events in Large-Scale Networks: A Report

Added on 2022/08/16

AI Summary
This report analyzes an article that discusses a system for the complex analysis of security events in large-scale networks. The study addresses issues with current SIEM (Security Information and Event Management) systems, such as data normalization problems, false positives, and prolonged processing times, especially in large networks with vast amounts of security events. The report highlights the system's contributions, including converting heterogeneous data to a unique format, employing a hybrid approach for security analytics, and proposing a novel algorithm for unsupervised anomaly detection. The system supports the collection of security events from various sources and utilizes signatures, queries, and anomaly detection to identify suspicious activities. The report also includes the system's testing on real datasets and KDD Cup 1999 data, demonstrating its efficiency and scalability in detecting malicious activities and providing valuable insights for SIEM system operators. The conclusion emphasizes the relevance of the algorithms and architectures used in the SIEM system prototype for analyzing Big Data security and its applicability to large enterprise networks.
ARTICLE ANALYSIS: “TOWARDS A SYSTEM FOR COMPLEX ANALYSIS OF SECURITY EVENTS IN LARGE-SCALE NETWORKS”
Authors: Andrey Sapegin, David Jaeger, Feng Cheng, Christoph Meinel
1. INTRODUCTION:
After roughly twenty years of development, current SIEM (Security
Information and Event Management) systems still have problems with the
normalization of heterogeneous data sources. Further, they produce many
false positive warnings and suffer prolonged processing times,
particularly in large-scale networks with huge volumes of different
security events.
The following study reviews the given article, which presents a system
for the complex analysis of different security events occurring in
large-scale networks.
2. BACKGROUND OF THE STUDY:
SIEM, or “Security Information and Event Management”, systems emerged
during the late 1990s to regulate and centrally manage the security of
the various data flows in an enterprise network.
The article presents a SIEM system prototype that combines the most
novel technologies for data analysis and processing, and then evaluates
its concerns in detail.
3. CONTRIBUTIONS OF THE PRESENT WORK:
Every log message arriving at the system is converted from its
heterogeneous origin into a single, unique format.
The analysis module of the system deploys an innovative hybrid approach
to effective security analytics.
A novel algorithm is proposed that is helpful for unsupervised anomaly
detection.
4. UNDERSTANDING ISSUES WITH CURRENT SIEM
SYSTEMS AND METHODS TO DETECT ANOMALY:
Firstly, heterogeneous kinds of data generate various issues.
Secondly, there are problems with Big Data, that is, high data volumes.
Thirdly, most SIEM systems on the market deploy solely the
signature-based approach originating from IDSs.
5. DISCUSSION ON ANALYTICS OF REAL
EVENT AND MONITORING THE SYSTEM:
Here, the specific system supports the effective collection of different
types of security events originating from various sources.
These include GNU/Linux and Windows hosts, domain controllers, and
additional log management and SIEM systems.
6. ANALYTICAL ABILITIES OF REAMS:
The signatures are applied before the data is persisted to the
database.
Once the normalized logs are in the database, the query-based and
anomaly-based analytics are applied to extract much more information
from the data.
7. KDD CUP 1999 DATA AND
REAL WINDOWS EVENT DATASET:
The primary data for the research came from a huge multinational
organization.
It comprised Windows Events from various Domain Controllers and from
ArcSight.
8. FINDING AND CATEGORIZATION OF
SUSPICIOUS HAPPENINGS IN THE
INFORMATION:
This can be understood from the following table:
9. ANALYZING AND COMPARING EFFICIENCY OF
HYBRID ANOMALY DETECTION:
This can be understood from the following graphs and Tables:
10. DETECTION PROCESS OF MALICIOUS
ACTIVITY:
The system applies the hybrid approach using three distinct kinds of
assessment:
Unsupervised anomaly detection
Queries
Signatures
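The pipeline described in sections 3, 6 and 10 (heterogeneous logs normalized to one format, signatures applied before persistence, then query-based and anomaly-based analytics over the stored events, combined into a ranked result for the operator) can be illustrated with a toy implementation. The following is an added example, not code from the article or from the REAMS prototype: the raw event formats, the signature rules, the thresholds, the address ranges, and the z-score anomaly detector (a simple stand-in, not the paper's novel algorithm) are all constructed for this demonstration.

```python
"""Toy hybrid SIEM pipeline: normalize -> signatures (before persistence)
-> persist -> query-based and anomaly-based analytics -> ranked output."""
import re
import sqlite3
import statistics
from typing import Callable, Dict, List, Tuple

# Constructed sample input from two heterogeneous sources: Linux sshd syslog
# lines and Windows Security events (4624 = successful logon, 4625 = failed
# logon) flattened to key=value pairs. 203.0.113.9 is a constructed noisy source.
RAW_EVENTS = [
    "Aug 16 10:01:02 web01 sshd[1123]: Failed password for alice from 10.0.0.5 port 5022 ssh2",
    "Aug 16 10:01:05 web01 sshd[1123]: Failed password for alice from 10.0.0.5 port 5023 ssh2",
    "Aug 16 10:01:09 web01 sshd[1130]: Accepted password for alice from 10.0.0.5 port 5024 ssh2",
    "Aug 16 10:03:11 web01 sshd[1142]: Accepted password for carol from 10.0.0.6 port 5101 ssh2",
    "Aug 16 10:04:00 web01 sshd[1150]: Failed password for root from 203.0.113.9 port 4001 ssh2",
    "EventID=4625 Computer=dc01 TargetUserName=bob IpAddress=10.0.0.7 Status=0xC000006D",
    "EventID=4624 Computer=dc01 TargetUserName=bob IpAddress=10.0.0.7 Status=0x0",
    "EventID=4624 Computer=dc01 TargetUserName=dave IpAddress=10.0.0.8 Status=0x0",
    "EventID=4625 Computer=dc01 TargetUserName=svc_backup IpAddress=198.51.100.4 Status=0xC000006D",
] + [f"EventID=4625 Computer=dc01 TargetUserName=user{i} IpAddress=203.0.113.9 Status=0xC000006D"
     for i in range(5)]

SYSLOG_RE = re.compile(
    r"^\w{3} +\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")


def normalize(raw: str) -> Dict[str, str]:
    """Convert one raw message from either source into the common schema."""
    m = SYSLOG_RE.match(raw)
    if m:
        return {"host": m["host"], "username": m["user"], "src_ip": m["ip"],
                "outcome": "success" if m["result"] == "Accepted" else "failure",
                "source": "linux_sshd"}
    if raw.startswith("EventID="):
        kv = dict(pair.split("=", 1) for pair in raw.split())
        return {"host": kv["Computer"], "username": kv["TargetUserName"], "src_ip": kv["IpAddress"],
                "outcome": "success" if kv["EventID"] == "4624" else "failure",
                "source": "windows_security"}
    raise ValueError(f"unrecognised event format: {raw!r}")


def _is_internal(ip: str) -> bool:
    return ip.startswith("10.")  # constructed notion of "internal" address space


# Signature rules (constructed): name -> predicate over a normalized event.
SIGNATURES: Dict[str, Callable[[Dict[str, str]], bool]] = {
    "root_logon_failure_from_external": lambda e: e["username"] == "root"
        and e["outcome"] == "failure" and not _is_internal(e["src_ip"]),
    "service_account_logon_failure": lambda e: e["username"].startswith("svc_")
        and e["outcome"] == "failure",
}


def apply_signatures(event: Dict[str, str]) -> Dict[str, str]:
    """Tag the event with the names of matching signatures before it is stored."""
    event["signatures"] = ",".join(n for n, pred in SIGNATURES.items() if pred(event))
    return event


def persist(events: List[Dict[str, str]]) -> sqlite3.Connection:
    """Store normalized, signature-tagged events in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (host TEXT, username TEXT, src_ip TEXT, "
                 "outcome TEXT, source TEXT, signatures TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?, ?, ?)",
                     [(e["host"], e["username"], e["src_ip"], e["outcome"], e["source"],
                       e["signatures"]) for e in events])
    return conn


def query_failed_logons(conn: sqlite3.Connection, threshold: int = 3) -> Dict[str, int]:
    """Query-based analytics: source addresses with at least `threshold` failed logons."""
    rows = conn.execute(
        "SELECT src_ip, COUNT(*) AS n FROM events WHERE outcome = 'failure' "
        "GROUP BY src_ip HAVING n >= ?", (threshold,)).fetchall()
    return dict(rows)


def detect_anomalies(conn: sqlite3.Connection, z_threshold: float = 2.0) -> Dict[str, float]:
    """Unsupervised stand-in (z-score, not the paper's algorithm): flag sources that
    authenticate as unusually many distinct accounts compared with all other sources."""
    counts = dict(conn.execute(
        "SELECT src_ip, COUNT(DISTINCT username) FROM events GROUP BY src_ip").fetchall())
    values = list(counts.values())
    mean, spread = statistics.mean(values), statistics.pstdev(values)
    if spread == 0:
        return {}
    return {ip: round((n - mean) / spread, 2)
            for ip, n in counts.items() if (n - mean) / spread >= z_threshold}


def rank_sources(conn: sqlite3.Connection, query_hits: Dict[str, int],
                 anomalies: Dict[str, float]) -> List[Tuple[str, int]]:
    """Combine signature, query and anomaly findings into one ranked list per source."""
    scores: Dict[str, int] = {}
    for ip, sigs in conn.execute("SELECT src_ip, signatures FROM events"):
        scores[ip] = scores.get(ip, 0) + (len(sigs.split(",")) if sigs else 0)
    for ip in list(query_hits) + list(anomalies):
        scores[ip] = scores.get(ip, 0) + 1
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def run_pipeline(raw_events: List[str] = RAW_EVENTS) -> dict:
    events = [apply_signatures(normalize(r)) for r in raw_events]  # signatures pre-persistence
    conn = persist(events)
    query_hits = query_failed_logons(conn)
    anomalies = detect_anomalies(conn)
    return {"query_hits": query_hits, "anomalies": anomalies,
            "ranked": rank_sources(conn, query_hits, anomalies)}


if __name__ == "__main__":
    for ip, score in run_pipeline()["ranked"]:
        print(f"{ip:15} score={score}")
```

On the constructed input, the source 203.0.113.9 is the only one that trips all three analysis kinds (a signature hit on the failed root logon, six failed logons in the query, and a distinct-account count far above the other sources), so it ranks first; 198.51.100.4 is reported only because of its service-account signature. Keeping the three results separate in the ranking is what lets the operator judge the anomaly module's output against the signature and query results, as section 11 recommends.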
11. RECOMMENDATIONS TO USE RANKED
OUTCOMES
Apart from the anomaly detection itself, the signatures and queries
serve as information sources for the SIEM system operator and as an
additional method, beyond the standard one, to assess the output of the
anomaly-based detection module.