Adaptive Security Event Visualization for Continuous Monitoring
Abstract
The field of information security routinely produces the need for a security information and event management system operator who would be capable of durable and extensive (e.g., workday-long) monitoring of the system in his control with well-timed decision making in emergencies. The obvious concern is that such continuous exertion is bound to lead to the operator's increased fatigue, reduced attention span, and flawed decision making. This paper proposes methods of the visualization system’s adaptation to these changes for improving the operator's efficiency in terms of speed and accuracy.
Similar resources
Technique of Data Visualization: Example of Network Topology Display for Security Monitoring
The paper presents the results of research devoted to the development of a unified flexible visualization system for security monitoring of computer networks used in the SIEM systems. The developed models and technique of visualization are used for selection of methods of data collection, normalization, preprocessing and representation. The individual components of the proposed visualization s...
Towards a Model- and Learning-Based Framework for Security Anomaly Detection
For critical areas, such as the health-care domain, it is common to formalize workflow, traffic-flow and access control via models. Typically security monitoring is used to firstly determine if the system corresponds to the specifications in these models and secondly to deal with threats, e.g. by detecting intrusions, via monitoring rules. The challenge of security monitoring stems mainly from ...
A Scalable Aural-Visual Environment for Security Event Monitoring, Analysis, and Response
Intrusion detection systems gather large quantities of host and network information in an attempt to detect and respond to attacks against an organization. The widely varying nature of attacks makes humans essential for analysis, but the sheer volume of data can quickly overwhelm even experienced analysts. Existing approaches utilize visualization to provide rapidly comprehensible representatio...
Adaptive Monitoring to Detect Intrusions in Critical Servers
An intrusion in a critical server can affect the security of an entire infrastructure that relies on it, including clients and other services. Hence, there is a constant concern in deploying and maintaining the correct execution of these servers. This paper presents an approach for continuous monitoring of a server execution in an adaptive way, where fundamental tasks are thoroughly monitored, ...
A Visual Approach for Monitoring Logs
Analyzing and monitoring logs that portray system, user, and network activity is essential to meet the requirements of high security and optimal resource availability. While most systems now possess satisfactory logging facilities, the tools to monitor and interpret such event logs are still in their infancy. This paper describes an approach to relieve system and network administrators from man...
Publication date: 2013