Scalable Security Event Aggregation for Situation Analysis
| Field | Value |
|---|---|
| Title | Scalable Security Event Aggregation for Situation Analysis |
| Publication Type | Conference Paper |
| Year of Publication | 2015 |
| Authors | Kim, J., Moon, I., Lee, K., Suh, S. C., Kim, I. |
| Conference Name | 2015 IEEE First International Conference on Big Data Computing Service and Applications |
| Date Published | April 2015 |
| Publisher | IEEE |
| ISBN Number | 978-1-4799-8128-1 |
| Keywords | advanced persistent threats, Aggregates, Analytical models, APT, attack methodologies, Big Data, big-data analytics, big-data computing, big-data security analytics, Computer crime, Computers, cyber-attacks, Data analysis, Data processing, Database languages, Hadoop cluster, high-level query languages, large-scale data analysis, large-scale data processing, on-demand aggregation, parallel processing, pattern clustering, performance evaluation, periodic aggregation, pubcrawl170109, query languages, query support, scalable security event aggregation, SEAS-MR, security, security analytics, Security event aggregation, security event aggregation system over MapReduce, Sensors, situation analysis, stealthy hacking processes |
| Abstract | Cyber-attacks have evolved to become more sophisticated by employing combinations of attack methodologies with greater impact. For instance, Advanced Persistent Threats (APTs) employ a set of stealthy hacking processes running over a long period of time, making them much harder to detect. With this trend, the importance of big-data security analytics has attracted greater attention, since identifying such recent attacks requires large-scale data processing and analysis. In this paper, we present SEAS-MR (Security Event Aggregation System over MapReduce), which facilitates scalable security event aggregation for comprehensive situation analysis. The introduced system provides the following three core functions: (i) periodic aggregation, (ii) on-demand aggregation, and (iii) query support for effective analysis. We describe our design and implementation of the system over MapReduce and high-level query languages, and report our experimental results collected through extensive settings on a Hadoop cluster for performance evaluation and design impacts. |
| URL | http://ieeexplore.ieee.org/document/7184860/ |
| DOI | 10.1109/BigDataService.2015.28 |
| Citation Key | kim_scalable_2015 |