Enhancing Security Event Management Systems with Unsupervised Anomaly Detection

@inproceedings{Goldstein2013EnhancingSE,
  title={Enhancing Security Event Management Systems with Unsupervised Anomaly Detection},
  author={Markus Goldstein and Stefan Asanger and M. Reif and A. Hutchison},
  booktitle={ICPRAM},
  year={2013}
}
  • Markus Goldstein, Stefan Asanger, M. Reif, A. Hutchison
  • Published in ICPRAM 2013
  • Computer Science
  • Security Information and Event Management (SIEM) systems are today a key component of complex enterprise networks. They usually aggregate and correlate events from different machines and perform a rule-based analysis to detect threats. In this paper we present an enhancement of such systems which makes use of unsupervised anomaly detection algorithms without the need for any prior training of the system. For data acquisition, events are exported from an existing SIEM appliance, parsed, unified…
