Full Text Available
Note: Clicking the button above will open the full text document at the original institutional repository in a new window.
Augmenting security event information with contextual data to improve the detection capabilities of a SIEM
The increasing number of cyber security breaches have revealed a need for proper cyber security measures. The emergence of the internet and the increase in overall connectivity means that data is more easily accessible and available. Using the available data in a security context may provide a syste...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis |
| Language: | English |
| Published: |
Department of Computer Science
2017
|
| Subjects: | |
| Tags: |
No Tags, Be the first to tag this record!
|
| _version_ | 1867613182553489408 |
|---|---|
| access_status_str | Open Access |
| author | Bissict, Jason |
| author2 | Hutchison, Andrew |
| author_browse | Bissict, Jason Hutchison, Andrew |
| author_facet | Hutchison, Andrew Bissict, Jason |
| author_sort | Bissict, Jason |
| collection | Thesis |
| description | The increasing number of cyber security breaches have revealed a need for proper cyber security measures. The emergence of the internet and the increase in overall connectivity means that data is more easily accessible and available. Using the available data in a security context may provide a system with an external contextual insight such as environmental awareness or current affair awareness. A security information and event management (SIEM) system is a security system that correlates security event information from surrounding systems and decides whether the surrounding environment (possibly an enterprise's network) is vulnerable or even under attack by a malicious person whether they be internal (authorised) or external (unauthorised). In this thesis, the aim is to provide such a system with con- text by adding non-security related information from surrounding available sources known as context information feeds. Contextual information feeds are added to the SIEM and tested using randomised events. There are various context information types used in this thesis, namely: social media, meteorological, calendar information and terror threat level. The SIEM is tested with each contextual data feed active and the results are recorded. The testing shows that the addition of contextual data feeds actively affects the sensitivity of OSSIM and hence results in higher alarms raised during elevated context triggered states. The system showed a greater and deeper visibility of its surrounding environment and hence an improved detection capability. |
| format | Thesis |
| id | oai:open.uct.ac.za:11427/25207 |
| institution | University of Cape Town (South Africa) |
| language | eng |
| last_indexed | 2026-06-10T12:32:05.102Z |
| license_str | Not specified — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from UCTD — University of Cape Town Open Access Repository |
| publishDate | 2017 |
| publishDateRange | 2017 |
| publishDateSort | 2017 |
| publisher | Department of Computer Science |
| publisherStr | Department of Computer Science |
| record_format | dspace |
| source_str | UCTD — University of Cape Town Open Access Repository |
| spelling | oai:open.uct.ac.za:11427/25207 Augmenting security event information with contextual data to improve the detection capabilities of a SIEM Bissict, Jason Hutchison, Andrew Computer Science The increasing number of cyber security breaches have revealed a need for proper cyber security measures. The emergence of the internet and the increase in overall connectivity means that data is more easily accessible and available. Using the available data in a security context may provide a system with an external contextual insight such as environmental awareness or current affair awareness. A security information and event management (SIEM) system is a security system that correlates security event information from surrounding systems and decides whether the surrounding environment (possibly an enterprise's network) is vulnerable or even under attack by a malicious person whether they be internal (authorised) or external (unauthorised). In this thesis, the aim is to provide such a system with con- text by adding non-security related information from surrounding available sources known as context information feeds. Contextual information feeds are added to the SIEM and tested using randomised events. There are various context information types used in this thesis, namely: social media, meteorological, calendar information and terror threat level. The SIEM is tested with each contextual data feed active and the results are recorded. The testing shows that the addition of contextual data feeds actively affects the sensitivity of OSSIM and hence results in higher alarms raised during elevated context triggered states. The system showed a greater and deeper visibility of its surrounding environment and hence an improved detection capability. 2017-09-14T12:28:47Z 2017-09-14T12:28:47Z 2017 Master Thesis Masters MSc http://hdl.handle.net/11427/25207 eng application/pdf Department of Computer Science Faculty of Science University of Cape Town |
| spellingShingle | Computer Science Bissict, Jason Augmenting security event information with contextual data to improve the detection capabilities of a SIEM |
| thesis_degree_str | Master's |
| title | Augmenting security event information with contextual data to improve the detection capabilities of a SIEM |
| title_full | Augmenting security event information with contextual data to improve the detection capabilities of a SIEM |
| title_fullStr | Augmenting security event information with contextual data to improve the detection capabilities of a SIEM |
| title_full_unstemmed | Augmenting security event information with contextual data to improve the detection capabilities of a SIEM |
| title_short | Augmenting security event information with contextual data to improve the detection capabilities of a SIEM |
| title_sort | augmenting security event information with contextual data to improve the detection capabilities of a siem |
| topic | Computer Science |
| url | http://hdl.handle.net/11427/25207 |
| work_keys_str_mv | AT bissictjason augmentingsecurityeventinformationwithcontextualdatatoimprovethedetectioncapabilitiesofasiem |