Conference Papers for Security and Trust Engineering at the chair of Prof. Dr. Christoph Meinel

Here you can find all our peer-reviewed conference papers about security and trust engineering:

Normalizing Security Events with a Hierarchical Knowledge Base

Jaeger, David; Azodi, Amir; Cheng, Feng; Meinel, Christoph in Proceedings of the 9th International Conference on Information Security Theory and Practice (WISTP'15) volume   9311   of   Lecture Notes in Computer Science 9311 , page 237-248 . Springer Internation Publishing , 2015 .

An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.
[ DOI ]
Further Information
Tags event_logs  its  knowledge_base  network_security  normalization 


You can find other sub-lists of our conference papers focusing on 

Go back to the complete list of peer-reviewed conference papers.

Other Links

... to our Research
              Security Engineering - Learning & Knowledge Tech - Design Thinking - former
... to our Teaching
              Tele-Lectures - MOOCs - Labs - Systems 
... to our Publications
              Books - Journals - Conference-Papers - Patents
... and to our Annual Reports.