Augmenting security event information with contextual data to improve the detection capabilities of a SIEM
| dc.contributor.advisor | Hutchison, Andrew | en_ZA |
| dc.contributor.author | Bissict, Jason | en_ZA |
| dc.date.accessioned | 2017-09-14T12:28:47Z | |
| dc.date.available | 2017-09-14T12:28:47Z | |
| dc.date.issued | 2017 | en_ZA |
| dc.description.abstract | The increasing number of cyber security breaches have revealed a need for proper cyber security measures. The emergence of the internet and the increase in overall connectivity means that data is more easily accessible and available. Using the available data in a security context may provide a system with an external contextual insight such as environmental awareness or current affair awareness. A security information and event management (SIEM) system is a security system that correlates security event information from surrounding systems and decides whether the surrounding environment (possibly an enterprise's network) is vulnerable or even under attack by a malicious person whether they be internal (authorised) or external (unauthorised). In this thesis, the aim is to provide such a system with con- text by adding non-security related information from surrounding available sources known as context information feeds. Contextual information feeds are added to the SIEM and tested using randomised events. There are various context information types used in this thesis, namely: social media, meteorological, calendar information and terror threat level. The SIEM is tested with each contextual data feed active and the results are recorded. The testing shows that the addition of contextual data feeds actively affects the sensitivity of OSSIM and hence results in higher alarms raised during elevated context triggered states. The system showed a greater and deeper visibility of its surrounding environment and hence an improved detection capability. | en_ZA |
| dc.identifier.apacitation | Bissict, J. (2017). <i>Augmenting security event information with contextual data to improve the detection capabilities of a SIEM</i>. (Thesis). University of Cape Town ,Faculty of Science ,Department of Computer Science. Retrieved from http://hdl.handle.net/11427/25207 | en_ZA |
| dc.identifier.chicagocitation | Bissict, Jason. <i>"Augmenting security event information with contextual data to improve the detection capabilities of a SIEM."</i> Thesis., University of Cape Town ,Faculty of Science ,Department of Computer Science, 2017. http://hdl.handle.net/11427/25207 | en_ZA |
| dc.identifier.citation | Bissict, J. 2017. Augmenting security event information with contextual data to improve the detection capabilities of a SIEM. University of Cape Town. | en_ZA |
| dc.identifier.ris | TY - Thesis / Dissertation AU - Bissict, Jason AB - The increasing number of cyber security breaches have revealed a need for proper cyber security measures. The emergence of the internet and the increase in overall connectivity means that data is more easily accessible and available. Using the available data in a security context may provide a system with an external contextual insight such as environmental awareness or current affair awareness. A security information and event management (SIEM) system is a security system that correlates security event information from surrounding systems and decides whether the surrounding environment (possibly an enterprise's network) is vulnerable or even under attack by a malicious person whether they be internal (authorised) or external (unauthorised). In this thesis, the aim is to provide such a system with con- text by adding non-security related information from surrounding available sources known as context information feeds. Contextual information feeds are added to the SIEM and tested using randomised events. There are various context information types used in this thesis, namely: social media, meteorological, calendar information and terror threat level. The SIEM is tested with each contextual data feed active and the results are recorded. The testing shows that the addition of contextual data feeds actively affects the sensitivity of OSSIM and hence results in higher alarms raised during elevated context triggered states. The system showed a greater and deeper visibility of its surrounding environment and hence an improved detection capability. DA - 2017 DB - OpenUCT DP - University of Cape Town LK - https://open.uct.ac.za PB - University of Cape Town PY - 2017 T1 - Augmenting security event information with contextual data to improve the detection capabilities of a SIEM TI - Augmenting security event information with contextual data to improve the detection capabilities of a SIEM UR - http://hdl.handle.net/11427/25207 ER - | en_ZA |
| dc.identifier.uri | http://hdl.handle.net/11427/25207 | |
| dc.identifier.vancouvercitation | Bissict J. Augmenting security event information with contextual data to improve the detection capabilities of a SIEM. [Thesis]. University of Cape Town ,Faculty of Science ,Department of Computer Science, 2017 [cited yyyy month dd]. Available from: http://hdl.handle.net/11427/25207 | en_ZA |
| dc.language.iso | eng | en_ZA |
| dc.publisher.department | Department of Computer Science | en_ZA |
| dc.publisher.faculty | Faculty of Science | en_ZA |
| dc.publisher.institution | University of Cape Town | |
| dc.subject.other | Computer Science | en_ZA |
| dc.title | Augmenting security event information with contextual data to improve the detection capabilities of a SIEM | en_ZA |
| dc.type | Master Thesis | |
| dc.type.qualificationlevel | Masters | |
| dc.type.qualificationname | MSc | en_ZA |
| uct.type.filetype | Text | |
| uct.type.filetype | Image | |
| uct.type.publication | Research | en_ZA |
| uct.type.resource | Thesis | en_ZA |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- thesis_sci_2017_bissict_jason.pdf
- Size:
- 5.94 MB
- Format:
- Adobe Portable Document Format
- Description: