Analysis of security data from a large computing organization

Authors:
A. Sharma;Z. Kalbarczyk;J. Barlow;R. Iyer
Affiliations:
University of Illinois at Urbana-Champaign, 1308. Main St., 61801, USA;University of Illinois at Urbana-Champaign, 1308. Main St., 61801, USA;University of Illinois at Urbana-Champaign, 1308. Main St., 61801, USA;University of Illinois at Urbana-Champaign, 1308. Main St., 61801, USA
Venue:
DSN '11 Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems&Networks
Year:
2011

Citing 0
Cited 1

A lone wolf no more: supporting network intrusion detection with real-time intelligence

RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents an in-depth study of the forensic data on security incidents that have occurred over a period of 5 years at the National Center for Supercomputing Applications at the University of Illinois. The proposed methodology combines automated analysis of data from security monitors and system logs with human expertise to extract and process relevant data in order to: (i) determine the progression of an attack, (ii) establish incident categories and characterize their severity, (iii) associate alerts with incidents, and (iv) identify incidents missed by the monitoring tools and examine the reasons for the escapes. The analysis conducted provides the basis for incident modeling and design of new techniques for security monitoring.