The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Mitigation techniques employed by attackers has meant that traditional Network Intrusion Detection Systems (NIDS) are no longer able to reliably protect a network in the face of ever more sophisticated attacks. Security Information and Event Management (SIEM) systems monitor network systems by analyzing the logs they produce. In this paper, we propose a method of visualizing attacks by aggregating,...
Network Topology Discovery and Inventory Listing are two of the primary features of modern network monitoring systems (NMS). Current NMSs rely heavily on active scanning techniques for discovering and mapping network information. Although this approach works, it introduces some major drawbacks such as the performance impact it can exact, specially in larger network environments. As a consequence,...
As computer software systems grow ever more sophisticated, so do the mechanisms used in compromising them. Some of the most advanced cyber attacks in recent years would have required considerable preparation and research on the specific software applications and the hardware they targeted. In this paper we focus on native applications and evaluate different reverse engineering techniques with a focus...
Understanding events produced by IT systems is a vital part of effectively managing and maintaining medium and large sized computer networks. As a result, Security Information and Management (SIEM) systems have become an indispensable part of modern networks. One of the main challenges facing SIEM systems is the ability to parse and extract relevant information from the processed events in near real-time...
Such information as system and application logs as well as the output from the deployed security measures, e.g., IDS alerts, firewall logs, scanning reports, etc., is important for the administrators or security operators to be aware at first time of the running state of the system and take efforts if necessary. In this context, high performance security analytics is proposed to address the challenges...
Looking at current IDS and SIEM systems, we observe heavy processing power dedicated solely to answering a simple question, What is the format of the log line that the IDS (or SIEM) system should process next? Due to the apparent difficulties of uniquely identifying a log line at run-time, most systems today do little or no normalisation of the events they receive. Indeed these systems often rely...
The current state of affairs regarding the way events are logged by IT systems is the source of many problems for the developers of Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) systems. These problems stand in the way of the development of more accurate security solutions that draw their results from the data included within the logs they process. This is...
A huge amount of information about real-time events are being generated in every second in a running IT-Infrastructure and recorded by the system logs, application logs, as well as the output from the deployed security or management methods, e.g., IDS alerts, firewall logs, scanning reports, etc. To rapidly gather, process, correlate, and analyze the massive event information is a challenging task...
The differences in log file formats employed in a variety of services and applications remain to be a problem for security analysts and developers of intrusion detection systems. The proposed solution, i.e. the usage of common log formats, has a limited utilization within existing solutions for security management. In our paper, we reveal the reasons for this limitation. We show disadvantages of existing...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.