Augmenting security event information with contextual data to improve the detection capabilities of a SIEM


dc.contributor.advisor Hutchison, Andrew en_ZA
dc.contributor.author Bissict, Jason en_ZA
dc.date.accessioned 2017-09-14T12:28:47Z
dc.date.available 2017-09-14T12:28:47Z
dc.date.issued 2017 en_ZA
dc.identifier.uri http://hdl.handle.net/11427/25207
dc.description.abstract The increasing number of cyber security breaches has revealed a need for proper cyber security measures. The emergence of the internet and the increase in overall connectivity mean that data is more easily accessible and available. Using the available data in a security context may provide a system with external contextual insight such as environmental awareness or current-affairs awareness. A security information and event management (SIEM) system is a security system that correlates security event information from surrounding systems and decides whether the surrounding environment (possibly an enterprise's network) is vulnerable or even under attack by a malicious person, whether internal (authorised) or external (unauthorised). In this thesis, the aim is to provide such a system with context by adding non-security-related information from surrounding available sources, known as context information feeds. Contextual information feeds are added to the SIEM and tested using randomised events. Various context information types are used in this thesis, namely: social media, meteorological, calendar information and terror threat level. The SIEM is tested with each contextual data feed active and the results are recorded. The testing shows that the addition of contextual data feeds actively affects the sensitivity of OSSIM and hence results in a higher number of alarms being raised during elevated context-triggered states. The system showed greater and deeper visibility of its surrounding environment and hence an improved detection capability. en_ZA
dc.language.iso eng en_ZA
dc.subject.other Computer Science en_ZA
dc.title Augmenting security event information with contextual data to improve the detection capabilities of a SIEM en_ZA
dc.type Thesis en_ZA
uct.type.publication Research en_ZA
uct.type.resource Thesis en_ZA
dc.publisher.institution University of Cape Town
dc.publisher.faculty Faculty of Science en_ZA
dc.publisher.department Department of Computer Science en_ZA
dc.type.qualificationlevel Masters en_ZA
dc.type.qualificationname MSc en_ZA
uct.type.filetype Text
uct.type.filetype Image

Files in This Item:
thesis_sci_2017_bissict_jason.pdf