DocumentCode :
2354703
Title :
Analysis of security data from a large computing organization
Author :
Sharma, A. ; Kalbarczyk, Z. ; Barlow, J. ; Iyer, R.
Author_Institution :
Univ. of Illinois at Urbana-Champaign, Urbana, IL, USA
fYear :
2011
fDate :
27-30 June 2011
Firstpage :
506
Lastpage :
517
Abstract :
This paper presents an in-depth study of the forensic data on security incidents that have occurred over a period of 5 years at the National Center for Supercomputing Applications at the University of Illinois. The proposed methodology combines automated analysis of data from security monitors and system logs with human expertise to extract and process relevant data in order to: (i) determine the progression of an attack, (ii) establish incident categories and characterize their severity, (iii) associate alerts with incidents, and (iv) identify incidents missed by the monitoring tools and examine the reasons for the escapes. The analysis conducted provides the basis for incident modeling and design of new techniques for security monitoring.
Keywords :
security of data; National Center for Supercomputing Applications; University of Illinois; data security analysis; large computing organization; security monitoring; Analytical models; Computational modeling; Data models; IP networks; Monitoring; Security; Software; alerts; incident/attack data analysis; large scale computing systems; security monitoring;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Dependable Systems & Networks (DSN), 2011 IEEE/IFIP 41st International Conference on
Conference_Location :
Hong Kong
ISSN :
1530-0889
Print_ISBN :
978-1-4244-9232-9
Electronic_ISBN :
1530-0889
Type :
conf
DOI :
10.1109/DSN.2011.5958263
Filename :
5958263