
A Comprehensive Architecture for Correlation Analysis to Improve the Performance of Security Operation Center

  • Conference paper
Innovations in Computer Science and Engineering

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 8)

Abstract

With the growing popularity of information systems, there has been an increase in various types of threats. A Security Operations Center (SOC) is a central unit that monitors and controls an organization's traffic. The main function of the SOC is to provide effective event detection by collecting log file information from different network devices (i.e. firewall, IDS, router, etc.). Correlation analysis is known to be the core and central part of a SOC, in which different security events from more than one network security device are correlated. In this paper, we propose a comprehensive architecture for correlation analysis that minimizes the processing time of log files and gives an effective way to implement a mathematical model for correlation using a Venn diagram approach.
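As an added illustration (not code from the paper, whose model is not reproduced on this page), the following Python sketch assumes one simple reading of the set-based idea: events from each device are reduced to (source IP, time bucket) keys, the Venn regions are the keys seen by exactly a given subset of devices, and an event is treated as corroborated when it falls in a region covered by two or more devices. The log format and sample lines are constructed here.

```python
from collections import defaultdict

# Constructed sample log lines (hypothetical format): "device|epoch_seconds|src_ip|message"
SAMPLE_LOGS = [
    "firewall|1000|10.0.0.5|DENY tcp 10.0.0.5 -> 192.168.1.10:22",
    "ids|1003|10.0.0.5|SSH brute-force signature matched",
    "router|1004|10.0.0.5|ACL drop 10.0.0.5",
    "firewall|1100|10.0.0.9|DENY tcp 10.0.0.9 -> 192.168.1.20:80",
    "ids|1500|10.0.0.7|Suspicious outbound callback",
    "router|1505|10.0.0.7|ACL drop 10.0.0.7",
]


def parse_logs(lines, window=60):
    """Group events per device as sets of (src_ip, time_bucket).

    Bucketing timestamps into fixed windows lets near-simultaneous
    entries from different devices share one key (assumed model).
    """
    by_device = defaultdict(set)
    for line in lines:
        device, ts, src, _msg = line.split("|", 3)
        by_device[device].add((src, int(ts) // window))
    return dict(by_device)


def venn_regions(by_device):
    """Map each non-empty subset of devices to the events seen by exactly that subset.

    These are the regions of the Venn diagram over the device event sets.
    """
    all_events = set().union(*by_device.values())
    regions = defaultdict(set)
    for ev in all_events:
        seen_by = frozenset(d for d, evs in by_device.items() if ev in evs)
        regions[seen_by].add(ev)
    return dict(regions)


def corroborated_events(by_device, min_devices=2):
    """Return {event: number_of_devices} for events in regions shared by
    at least min_devices sources; single-source events are left out."""
    return {
        ev: len(devices)
        for devices, evs in venn_regions(by_device).items()
        if len(devices) >= min_devices
        for ev in evs
    }
```

Events seen by only one device (the 10.0.0.9 deny above) stay in their single-device region, while the two multi-device clusters are returned with a count of corroborating sources that an analyst could use for prioritisation.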



Acknowledgements

The authors are thankful to the Sardar Patel Institute of Technology, India, for providing the necessary facilities for carrying out this work.

Corresponding author

Correspondence to Dayanand Ambawade.


Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Ambawade, D., Kedar, P.M., Bakal, J.W. (2017). A Comprehensive Architecture for Correlation Analysis to Improve the Performance of Security Operation Center. In: Saini, H., Sayal, R., Rawat, S. (eds) Innovations in Computer Science and Engineering. Lecture Notes in Networks and Systems, vol 8. Springer, Singapore. https://doi.org/10.1007/978-981-10-3818-1_23


  • DOI: https://doi.org/10.1007/978-981-10-3818-1_23


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-3817-4

  • Online ISBN: 978-981-10-3818-1

