Article details

| Field | Value |
|---|---|
| Translated title | Toward a SIEM Architecture for Cloud-based Security Services |
| English title | Toward the SIEM Architecture for Cloud-based Security Services |
| Published | 2017 paper |
| Number of pages (English article) | 2 pages |
| Cost | Downloading the English article is free. |
| Published by | IEEE |
| Article type | ISI |
| English article format | |
| Related fields | Computer Engineering, Information Technology |
| Related specializations | Cloud computing, information security |
| Venue | Conference on Communications and Network Security |
| Institution | Information Security Research Division – ETRI – Korea |
| Keywords | SIEM, Security Information and Event Management, SECaaS, Security-as-a-service, cloud-based security service |
| Digital identifier (DOI) | https://doi.org/10.1109/CNS.2017.822869622222 |
| Product code | E9123 |
| Translation status | A prepared translation of this article is not available; one can be ordered from the site. |

Excerpt from the article:
I. INTRODUCTION

Cloud computing represents one of the most significant changes in the field of information security technology, for example cloud-based security-as-a-service. Although there are many information security technologies for this purpose, the SIEM (Security Information and Event Management) has been developed as an important component of enterprise networks and network infrastructures. It is a purpose-built solution to collect, aggregate, parse, normalize, store and distill tremendous volumes of event logs, and to correlate data from traditional security systems such as firewalls, intrusion detection/prevention systems, anti-malware systems, and others deployed in both the host and network domains [1, 2]. We have been developing the SOA (Security-on-Air) project, which is a cloud-based security platform. In a cloud data center, it provides various security services to multiple tenants by applying SDN/NFV technologies and virtualizing the security sensors, such as virtual firewalls, virtual IPS, virtual DLP, virtual DPI, anti-malware systems and others deployed in both the host and network domains. The proposed SIEM can be applied to manage the huge number of security event logs generated by virtualized security systems, ensuring cloud-based security service. To manage and analyze the various logs and events generated by cloud-based security sensors in the SOA project, the SIEM needs to be designed not only to manage logs and security events from various security systems, but also to perform relevant correlation analytics for recognizing cyber threats. To do so, we referenced OpenSOC [3] and extended our SIEM architecture to provide various analysis models and data enrichment.

In addition, because the main goal of the SIEM is to provision valuable security information and to perform large-scale data correlation for detecting cyber threats, we apply a Big Data platform composed of distributed units based on Kafka, Spark, Elasticsearch and MongoDB [4, 5].
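The excerpt describes the SIEM's job as parsing and normalizing heterogeneous sensor logs into one schema, enriching them, and correlating across sensors to recognize a threat. The following Python block is an added example written for this page; it is not code from the paper or from the SOA project. The two sensor log formats (a syslog-style virtual firewall line and a JSON virtual IPS record), the tenant and asset-group table, and the correlation rule are all constructed here for illustration; the real SOA sensors, schemas and Kafka/Spark stages are not modelled.

```python
"""Toy SIEM stages on a single host: parse -> normalize -> enrich -> correlate.

Added example. The log formats, field names, asset table and the rule below
are constructed for illustration and are not the SOA project's own.
"""
import json
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

# Constructed sample input: three lines from a virtual firewall and two JSON
# records from a virtual IPS, as they might arrive on a shared event bus.
SAMPLE_LOGS = [
    "vfw-01 2017-10-09T10:00:01Z DENY tenant=acme src=10.0.1.5 dst=10.0.2.9 dport=22",
    "vfw-01 2017-10-09T10:00:02Z DENY tenant=acme src=10.0.1.5 dst=10.0.2.9 dport=23",
    "vfw-01 2017-10-09T10:00:03Z ALLOW tenant=acme src=10.0.1.7 dst=10.0.2.9 dport=443",
    '{"sensor":"vips-02","ts":"2017-10-09T10:00:20Z","tenant":"acme",'
    '"src_ip":"10.0.1.5","dst_ip":"10.0.2.9","sig":"SSH brute force","severity":"high"}',
    '{"sensor":"vips-02","ts":"2017-10-09T10:30:00Z","tenant":"beta",'
    '"src_ip":"192.0.2.44","dst_ip":"10.0.3.1","sig":"HTTP scanner","severity":"low"}',
]

# Constructed enrichment table: which asset group a destination belongs to.
ASSET_GROUPS = {"10.0.2.9": "db-servers", "10.0.3.1": "web-frontend"}


@dataclass
class Event:
    """Common schema every sensor record is mapped onto."""
    ts: datetime
    sensor: str
    kind: str        # "firewall" or "ips"
    tenant: str
    src_ip: str
    dst_ip: str
    action: str      # DENY/ALLOW for firewall, signature name for IPS
    severity: str
    asset_group: str = "unknown"   # filled in by the enrichment stage


FW_RE = re.compile(
    r"^(?P<sensor>\S+) (?P<ts>\S+) (?P<action>DENY|ALLOW) tenant=(?P<tenant>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(line: str) -> Optional[Event]:
    """Map one raw sensor line onto Event; lines in an unknown format are dropped."""
    line = line.strip()
    if line.startswith("{"):
        rec = json.loads(line)
        return Event(parse_ts(rec["ts"]), rec["sensor"], "ips", rec["tenant"],
                     rec["src_ip"], rec["dst_ip"], rec["sig"], rec["severity"])
    m = FW_RE.match(line)
    if m:
        return Event(parse_ts(m["ts"]), m["sensor"], "firewall", m["tenant"],
                     m["src"], m["dst"], m["action"], "info")
    return None


def enrich(ev: Event) -> Event:
    """Attach context the sensor itself does not carry (here: the asset group)."""
    ev.asset_group = ASSET_GROUPS.get(ev.dst_ip, "unknown")
    return ev


def correlate(events: List[Event], window_s: int = 60) -> List[dict]:
    """Rule: one tenant+source produced firewall DENYs and then an IPS alert within window_s."""
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_key[(ev.tenant, ev.src_ip)].append(ev)
    alerts = []
    for (tenant, src), evs in by_key.items():
        denies = [e for e in evs if e.kind == "firewall" and e.action == "DENY"]
        for hit in (e for e in evs if e.kind == "ips"):
            related = [d for d in denies if 0 <= (hit.ts - d.ts).total_seconds() <= window_s]
            if related:   # only cross-sensor agreement produces a consolidated alert
                alerts.append({"tenant": tenant, "src_ip": src, "deny_count": len(related),
                               "signature": hit.action, "target_group": hit.asset_group,
                               "severity": hit.severity})
    return alerts


def run_pipeline(lines: List[str]):
    """Run all stages over raw lines; returns (normalized events, correlated alerts)."""
    events = [enrich(ev) for ev in map(normalize, lines) if ev is not None]
    return events, correlate(events)


if __name__ == "__main__":
    evs, found = run_pipeline(SAMPLE_LOGS)
    print(f"normalized {len(evs)} events, {len(found)} correlated alert(s)")
    for a in found:
        print(a)
```

Keying the correlation on (tenant, source) keeps events of different tenants from being merged, which is the multi-tenant concern the paper raises; in a deployment at the paper's scale each stage would be a separate consumer on the event bus rather than a function call, but the schema and rule logic are the same.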