
Article information

  • Title: An Integral Model to Provide Reactive and Proactive Services in an Academic CSIRT Based on Business Intelligence
  • Authors: Walter Fuertes ; Francisco Reyes ; Paúl Valladares
  • Journal: Systems
  • Electronic ISSN: 2079-8954
  • Year: 2017
  • Volume: 5
  • Issue: 4
  • Pages: 52
  • DOI: 10.3390/systems5040052
  • Language: English
  • Publisher: MDPI Publishing
  • Abstract: Cyber-attacks have increased in severity and complexity, which requires that CERTs/CSIRTs research and develop new security tools. Our study therefore focuses on the design of an integral model based on Business Intelligence (BI) that provides reactive and proactive services in a CSIRT, in order to alert on and reduce suspicious or malicious activity on information systems and data networks. To achieve this, we assembled a solution that generates information stores compiled from the continuous network transmission of several internal and external sources of an organization. It includes a data warehouse that acts as a log correlator, built from feeds in diverse formats. It also analyzes attack detections and port scans obtained from sensors such as Snort and the Passive Vulnerability Scanner, which are stored in a database holding the logs generated by the systems. With these inputs, we designed and implemented BI systems following the phases of the Ralph Kimball methodology together with ETL and OLAP processes. In addition, a software application was implemented using the SCRUM methodology; it links the collected logs to the BI system for visualization in dynamic dashboards, with the purpose of generating early alerts and constructing complex queries through the user interface using object structures. The results show that this solution has generated early warnings based on the level of criticality and sensitivity of malware and vulnerabilities, as well as on monitoring efficiency, increasing the level of security of the member institutions.
  • Keywords: CSIRT; data warehouse; cyber-attacks; ETL; OLAPS; Kimball; SCRUM; vulnerability analysis; Incident Managers
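As an added illustration of the pipeline the abstract describes (not code from the paper or its authors), the following Python loads a constructed Snort alert_fast sample and a constructed vulnerability feed into a small Kimball-style star schema in SQLite, then runs an OLAP-style roll-up per host that combines vulnerability severity with attack alerts to produce early warnings. The Snort line layout is the real alert_fast format, but every event, SID, address and vulnerability record is fabricated; the PVS CSV column layout, the severity ranking and the REACTIVE/PROACTIVE warning rule are assumptions made for this example, not what the paper implements.

```python
# Added example, not the paper's code: ETL of Snort and PVS-style feeds into a
# Kimball-style star schema, plus an OLAP-style roll-up that emits early warnings.
import csv
import io
import re
import sqlite3

# Constructed sample in Snort 2 "alert_fast" layout (fabricated events, SIDs and addresses).
SNORT_FAST_LINES = """\
11/30-14:05:01.123456  [**] [1:1000001:1] SCAN nmap TCP SYN [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:44321 -> 192.0.2.10:22
11/30-14:05:02.223456  [**] [1:1000001:1] SCAN nmap TCP SYN [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:44322 -> 192.0.2.10:80
11/30-14:06:10.000001  [**] [1:1000002:1] WEB-ATTACK shell upload [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:44400 -> 192.0.2.10:80
11/30-14:07:00.000001  [**] [1:1000003:1] ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.3 -> 192.0.2.20
this line is truncated garbage and must be skipped, not crash the load
"""

# Constructed vulnerability feed; this CSV layout is an ASSUMPTION, not PVS's real export format.
PVS_CSV = """\
host,plugin_id,severity,name
192.0.2.10,7000,High,Outdated web server version
192.0.2.10,7001,Medium,Weak TLS cipher suites
192.0.2.20,7002,Low,ICMP timestamp disclosure
192.0.2.30,7003,Critical,Remote code execution in CMS
"""

SEVERITY_RANK = {"Info": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}  # assumed ordering

SNORT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.+?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*[^\]]+\])?\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{\w+\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$")

def parse_snort_fast(text):
    """Parse alert_fast lines into dicts; malformed lines are skipped rather than aborting the ETL."""
    alerts = []
    for line in text.splitlines():
        m = SNORT_RE.match(line.strip())
        if m:
            alerts.append({"ts": m["ts"], "sid": int(m["sid"]), "msg": m["msg"],
                           "priority": int(m["prio"]), "src": m["src"], "dst": m["dst"],
                           "dport": int(m["dport"]) if m["dport"] else None})
    return alerts

def parse_pvs_csv(text):
    """Load the (assumed) CSV vulnerability feed, dropping rows with an unknown severity label."""
    return [{"host": r["host"], "plugin_id": int(r["plugin_id"]),
             "severity": r["severity"], "name": r["name"]}
            for r in csv.DictReader(io.StringIO(text)) if r["severity"] in SEVERITY_RANK]

# Star schema: two dimensions shared by two fact tables (one per sensor type).
SCHEMA = """
CREATE TABLE dim_host(host_id INTEGER PRIMARY KEY, ip TEXT UNIQUE NOT NULL);
CREATE TABLE dim_severity(severity_id INTEGER PRIMARY KEY, label TEXT UNIQUE NOT NULL, rank INTEGER NOT NULL);
CREATE TABLE fact_alert(alert_id INTEGER PRIMARY KEY, host_id INTEGER NOT NULL REFERENCES dim_host,
    sensor TEXT NOT NULL, ts TEXT NOT NULL, sid INTEGER NOT NULL, msg TEXT NOT NULL,
    priority INTEGER NOT NULL, src_ip TEXT NOT NULL, dport INTEGER);
CREATE TABLE fact_vuln(vuln_id INTEGER PRIMARY KEY, host_id INTEGER NOT NULL REFERENCES dim_host,
    severity_id INTEGER NOT NULL REFERENCES dim_severity, sensor TEXT NOT NULL,
    plugin_id INTEGER NOT NULL, name TEXT NOT NULL);
"""

def _host_id(conn, ip):
    conn.execute("INSERT OR IGNORE INTO dim_host(ip) VALUES (?)", (ip,))
    return conn.execute("SELECT host_id FROM dim_host WHERE ip = ?", (ip,)).fetchone()[0]

def build_warehouse(alerts, vulns):
    """Load both feeds into an in-memory star schema (dimensions: host, severity)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO dim_severity(label, rank) VALUES (?, ?)", SEVERITY_RANK.items())
    for a in alerts:  # the monitored asset is the destination; the attacker IP stays a degenerate column
        conn.execute("INSERT INTO fact_alert(host_id, sensor, ts, sid, msg, priority, src_ip, dport) "
                     "VALUES (?, 'snort', ?, ?, ?, ?, ?, ?)",
                     (_host_id(conn, a["dst"]), a["ts"], a["sid"], a["msg"], a["priority"], a["src"], a["dport"]))
    for v in vulns:
        conn.execute("INSERT INTO fact_vuln(host_id, severity_id, sensor, plugin_id, name) "
                     "SELECT ?, severity_id, 'pvs', ?, ? FROM dim_severity WHERE label = ?",
                     (_host_id(conn, v["host"]), v["plugin_id"], v["name"], v["severity"]))
    conn.commit()
    return conn

# OLAP-style roll-up: per host, worst vulnerability severity and count of priority-1/2 alerts.
ROLLUP_SQL = """
SELECT h.ip, COALESCE(MAX(s.rank), 0) AS max_vuln_rank,
       (SELECT COUNT(*) FROM fact_alert a WHERE a.host_id = h.host_id AND a.priority <= 2) AS high_prio_alerts
FROM dim_host h
LEFT JOIN fact_vuln v ON v.host_id = h.host_id
LEFT JOIN dim_severity s ON s.severity_id = v.severity_id
GROUP BY h.host_id ORDER BY max_vuln_rank DESC, high_prio_alerts DESC
"""

def early_warnings(conn, min_vuln_rank=SEVERITY_RANK["High"], min_alerts=1):
    """Assumed warning rule (not the paper's): REACTIVE when a host with a High-or-worse vulnerability
    also receives priority-1/2 Snort alerts; PROACTIVE when it is Critical but not (yet) attacked."""
    out = []
    for ip, max_rank, hp in conn.execute(ROLLUP_SQL):
        if max_rank >= min_vuln_rank and hp >= min_alerts:
            out.append((ip, "REACTIVE", max_rank, hp))
        elif max_rank >= SEVERITY_RANK["Critical"]:
            out.append((ip, "PROACTIVE", max_rank, hp))
    return out
```

Calling `early_warnings(build_warehouse(parse_snort_fast(SNORT_FAST_LINES), parse_pvs_csv(PVS_CSV)))` on the constructed sample returns two warnings: 192.0.2.30 as PROACTIVE (Critical vulnerability, no alerts) and 192.0.2.10 as REACTIVE (High vulnerability plus three priority-1/2 alerts); 192.0.2.20 produces nothing because a Low finding and a priority-3 ICMP alert fall below both thresholds. Keeping each sensor in its own fact table with shared dimensions is what lets the dashboard query correlate feeds of different formats without a per-sensor join path.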