Analysis of security data from a large computing organization

A. Sharma; Zbigniew T Kalbarczyk; J. Barlow; Ravishankar K Iyer

doi:10.1109/DSN.2011.5958263

Analysis of security data from a large computing organization

A. Sharma, Zbigniew T Kalbarczyk, J. Barlow, Ravishankar K Iyer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper presents an in-depth study of the forensic data on security incidents that have occurred over a period of 5 years at the National Center for Supercomputing Applications at the University of Illinois. The proposed methodology combines automated analysis of data from security monitors and system logs with human expertise to extract and process relevant data in order to: (i) determine the progression of an attack, (ii) establish incident categories and characterize their severity, (iii) associate alerts with incidents, and (iv) identify incidents missed by the monitoring tools and examine the reasons for the escapes. The analysis conducted provides the basis for incident modeling and design of new techniques for security monitoring.

Original language	English (US)
Title of host publication	2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011
Pages	506-517
Number of pages	12
DOIs	https://doi.org/10.1109/DSN.2011.5958263
State	Published - 2011
Event	2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011 - Hong Kong, Hong Kong Duration: Jun 27 2011 → Jun 30 2011

Publication series

Name	Proceedings of the International Conference on Dependable Systems and Networks

Other

Other	2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011
Country/Territory	Hong Kong
City	Hong Kong
Period	6/27/11 → 6/30/11

Keywords

alerts
incident/attack data analysis
large scale computing systems
security monitoring

ASJC Scopus subject areas

Software
Hardware and Architecture
Computer Networks and Communications

Online availability

10.1109/DSN.2011.5958263

Library availability

Discover UIUC Full Text

Cite this

Sharma, A., Kalbarczyk, Z. T., Barlow, J., & Iyer, R. K. (2011). Analysis of security data from a large computing organization. In 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011 (pp. 506-517). Article 5958263 (Proceedings of the International Conference on Dependable Systems and Networks). https://doi.org/10.1109/DSN.2011.5958263

Analysis of security data from a large computing organization. / Sharma, A.; Kalbarczyk, Zbigniew T; Barlow, J. et al.
2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011. 2011. p. 506-517 5958263 (Proceedings of the International Conference on Dependable Systems and Networks).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sharma, A, Kalbarczyk, ZT, Barlow, J & Iyer, RK 2011, Analysis of security data from a large computing organization. in 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011., 5958263, Proceedings of the International Conference on Dependable Systems and Networks, pp. 506-517, 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011, Hong Kong, Hong Kong, 6/27/11. https://doi.org/10.1109/DSN.2011.5958263

@inproceedings{f4063f2e67874f8884e90ffe9acff458,

title = "Analysis of security data from a large computing organization",

abstract = "This paper presents an in-depth study of the forensic data on security incidents that have occurred over a period of 5 years at the National Center for Supercomputing Applications at the University of Illinois. The proposed methodology combines automated analysis of data from security monitors and system logs with human expertise to extract and process relevant data in order to: (i) determine the progression of an attack, (ii) establish incident categories and characterize their severity, (iii) associate alerts with incidents, and (iv) identify incidents missed by the monitoring tools and examine the reasons for the escapes. The analysis conducted provides the basis for incident modeling and design of new techniques for security monitoring.",

keywords = "alerts, incident/attack data analysis, large scale computing systems, security monitoring",

author = "A. Sharma and Kalbarczyk, {Zbigniew T} and J. Barlow and Iyer, {Ravishankar K}",

year = "2011",

doi = "10.1109/DSN.2011.5958263",

language = "English (US)",

isbn = "9781424492336",

series = "Proceedings of the International Conference on Dependable Systems and Networks",

pages = "506--517",

booktitle = "2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011",

note = "2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011 ; Conference date: 27-06-2011 Through 30-06-2011",

}

TY - GEN

T1 - Analysis of security data from a large computing organization

AU - Sharma, A.

AU - Kalbarczyk, Zbigniew T

AU - Barlow, J.

AU - Iyer, Ravishankar K

PY - 2011

Y1 - 2011

N2 - This paper presents an in-depth study of the forensic data on security incidents that have occurred over a period of 5 years at the National Center for Supercomputing Applications at the University of Illinois. The proposed methodology combines automated analysis of data from security monitors and system logs with human expertise to extract and process relevant data in order to: (i) determine the progression of an attack, (ii) establish incident categories and characterize their severity, (iii) associate alerts with incidents, and (iv) identify incidents missed by the monitoring tools and examine the reasons for the escapes. The analysis conducted provides the basis for incident modeling and design of new techniques for security monitoring.

AB - This paper presents an in-depth study of the forensic data on security incidents that have occurred over a period of 5 years at the National Center for Supercomputing Applications at the University of Illinois. The proposed methodology combines automated analysis of data from security monitors and system logs with human expertise to extract and process relevant data in order to: (i) determine the progression of an attack, (ii) establish incident categories and characterize their severity, (iii) associate alerts with incidents, and (iv) identify incidents missed by the monitoring tools and examine the reasons for the escapes. The analysis conducted provides the basis for incident modeling and design of new techniques for security monitoring.

KW - alerts

KW - incident/attack data analysis

KW - large scale computing systems

KW - security monitoring

UR - http://www.scopus.com/inward/record.url?scp=80051938080&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80051938080&partnerID=8YFLogxK

U2 - 10.1109/DSN.2011.5958263

DO - 10.1109/DSN.2011.5958263

M3 - Conference contribution

AN - SCOPUS:80051938080

SN - 9781424492336

T3 - Proceedings of the International Conference on Dependable Systems and Networks

SP - 506

EP - 517

BT - 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011

T2 - 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks, DSN 2011

Y2 - 27 June 2011 through 30 June 2011

ER -

Analysis of security data from a large computing organization

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this