Title :
A Dangerousness-Based Investigation Model for Security Event Management
Author :
Legrand, V. ; State, R. ; Paffumi, L.
Author_Institution :
ExaProtect, Villeurbanne
fDate :
June 29 2008-July 5 2008
Abstract :
The current landscape of security management solutions for large-scale networks is limited by the lack of supporting approaches capable of dealing with the huge number of alarms and events that are generated on current networks. In this paper we propose a security management architecture capable of reconstructing causal dependencies from captured network and service alarms. The key idea is based on mapping events into semantic spaces, where a novel algorithm can determine such dependencies. We have implemented a prototype and tested it on an operational network within an outsourced security management suite protecting multiple networks.
Keywords :
alarm systems; invasive software; large-scale systems; telecommunication security; dangerousness-based investigation model; large scale networks; outsourced security management suite; security event management; semantic spaces; service alarms; Asset management; Event detection; Fault detection; Information security; Internet; Large-scale systems; Monitoring; Probes; Protection; Risk management; METRICS; RISK; Security and Event Management; diagnosis; investigation; root cause;
Conference_Titel :
Internet Monitoring and Protection, 2008. ICIMP '08. The Third International Conference on
Conference_Location :
Bucharest
Print_ISBN :
978-0-7695-3189-2
Electronic_ISBN :
978-0-7695-3189-2
DOI :
10.1109/ICIMP.2008.16