"Scalable Security Event Aggregation for Situation Analysis"
| Field | Value |
|---|---|
| Title | Scalable Security Event Aggregation for Situation Analysis |
| Publication Type | Conference Paper |
| Year of Publication | 2015 |
| Authors | J. Kim, I. Moon, K. Lee, S. C. Suh, I. Kim |
| Conference Name | 2015 IEEE First International Conference on Big Data Computing Service and Applications |
| Date Published | March |
| Publisher | IEEE |
| ISBN Number | 978-1-4799-8128-1 |
| Accession Number | 15367013 |
| Keywords | advanced persistent threat, advanced persistent threats, Aggregates, Analytical models, APT, attack methodologies, Big Data, big-data analytics, big-data computing, big-data security analytics, Computer crime, Computers, cyber-attacks, Data analysis, Data processing, Database languages, Hadoop cluster, high-level query languages, large-scale data analysis, large-scale data processing, on-demand aggregation, parallel processing, pattern clustering, performance evaluation, periodic aggregation, pubcrawl170101, query languages, query support, scalable security event aggregation, SEAS-MR, security, security analytics, Security event aggregation, security event aggregation system over MapReduce, Sensors, situation analysis, stealthy hacking processes |
| Abstract | Cyber-attacks have evolved to become more sophisticated by employing combinations of attack methodologies with greater impact. For instance, Advanced Persistent Threats (APTs) employ a set of stealthy hacking processes running over a long period of time, making them much harder to detect. With this trend, big-data security analytics has attracted greater attention, since identifying such recent attacks requires large-scale data processing and analysis. In this paper, we present SEAS-MR (Security Event Aggregation System over MapReduce), which facilitates scalable security event aggregation for comprehensive situation analysis. The introduced system provides the following three core functions: (i) periodic aggregation, (ii) on-demand aggregation, and (iii) query support for effective analysis. We describe our design and implementation of the system over MapReduce and high-level query languages, and report experimental results collected across extensive settings on a Hadoop cluster for performance evaluation and design impacts. |
| URL | http://ieeexplore.ieee.org/document/7184860/ |
| DOI | 10.1109/BigDataService.2015.28 |
| Citation Key | 7184860 |