DocumentCode :
2361083
Title :
A Study of ESMTC(Enterprise Security Management System Based on Threshold Classification)
Author :
Choi, Kyong-Ho ; Park, Won Hyung ; Kim, Kuinam J.
Author_Institution :
Center for Ind. Security, Kyonggi Univ., Suwon, South Korea
fYear :
2012
fDate :
23-25 May 2012
Firstpage :
1
Lastpage :
6
Abstract :
Most organizations operate an Enterprise Security Management system (ESM) for managing and analyzing security events. However, it is difficult for a security manager to instantly analyze and respond to each event, because the amount of security events collected, stored, analyzed, and displayed by the Enterprise Security Management system increases significantly over time and as systems and networks expand. In addition, as threat trends have shifted toward the Advanced Persistent Threat (APT), which attacks specific individuals and organizations over a long period, an integrated analysis is required for all security events. Thus, in this study, an Enterprise Security Management system based on Threshold Classification (ESMTC) is proposed to detect and intercept cyber threats that occur over a long period. Its advantage is that it does not fail to notice even a single attack, by structuring and listing detailed attack detection packets, and that it performs analyses relating them to other attacks.
Keywords :
business data processing; corporate modelling; security of data; APT; ESMTC; advanced persistent threat; cyber threats; detection packets; enterprise security management system based on threshold classification; security events; Computer crime; Educational institutions; Industries; Monitoring; Operating systems; Organizations;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Science and Applications (ICISA), 2012 International Conference on
Conference_Location :
Suwon
Print_ISBN :
978-1-4673-1402-2
Type :
conf
DOI :
10.1109/ICISA.2012.6220971
Filename :
6220971