A Survey of Security Event Correlation Techniques for Cloud Computing Environment Security
Abstract
Introduction: The increased complexity of attacks on cloud infrastructures requires security mechanisms able to analyze security events, including events separated in time. In addition, the reliability of generated security events needs to be verified, and the criticality of a security event needs to be assessed in the context of the criticality of the monitored asset. This defines the need for a security event correlation module as a core element of the system.

Purpose: We analyze the event correlation techniques developed to date and assess their applicability in cloud infrastructure.

Results: The analysis of the major event correlation algorithms and available software has shown that there are three main approaches to the development of such algorithms: the similarity-based approach (correlation on the basis of security event similarity), the knowledge-based approach, and probabilistic approaches. The following criteria have been defined for comparing the existing approaches: the ability to correlate events from heterogeneous data sources, the requirements on a prior knowledge base, the event correlation accuracy, and the ability to detect novel and multistep attacks. The results of the comparative analysis are presented.

Practical relevance: The results of the research can be used in the development of protection mechanisms against targeted persistent attacks that secure a cloud computing environment. The use of security event correlation techniques enables security tools to prioritize security events more accurately and to respond in a timely manner.

Published: 2017-10-20
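To make the three ingredients named in the abstract concrete (normalizing events from heterogeneous sources, similarity-based grouping, a knowledge-based multistep rule, and asset-criticality-aware prioritization), here is an added illustrative example. It is not code from the paper or its authors; the log lines, sources, regexes, time window, scenario definition and criticality table are all constructed for the demonstration.

```python
"""Toy security event correlation pipeline (constructed example, not from the paper)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int      # constructed epoch seconds
    source: str  # which sensor produced the event
    src_ip: str
    dst_ip: str
    kind: str    # normalized event type shared across sources


# Constructed raw log lines from three heterogeneous sources (not real data).
RAW_LOGS = [
    ("firewall", "1500000000 DENY 10.0.0.5 -> 10.0.1.20:22"),
    ("ids",      "1500000030 ALERT sig=port_scan src=10.0.0.5 dst=10.0.1.20"),
    ("firewall", "1500000040 DENY 10.0.0.9 -> 10.0.1.30:443"),
    ("auth",     "1500000090 FAILED_LOGIN user=admin from=10.0.0.5 host=10.0.1.20"),
    ("auth",     "1500000100 FAILED_LOGIN user=admin from=10.0.0.5 host=10.0.1.20"),
    ("auth",     "1500000120 LOGIN_OK user=admin from=10.0.0.5 host=10.0.1.20"),
]

# Assumed (constructed) line formats for each source.
FW_RE = re.compile(r"(\d+) (\w+) (\S+) -> (\S+):\d+")
IDS_RE = re.compile(r"(\d+) ALERT sig=(\w+) src=(\S+) dst=(\S+)")
AUTH_RE = re.compile(r"(\d+) (\w+) user=\S+ from=(\S+) host=(\S+)")


def normalize(source, line):
    """Map a source-specific log line onto the common Event schema."""
    if source == "firewall":
        ts, action, src, dst = FW_RE.match(line).groups()
        return Event(int(ts), source, src, dst, "fw_" + action.lower())
    if source == "ids":
        ts, sig, src, dst = IDS_RE.match(line).groups()
        return Event(int(ts), source, src, dst, sig)
    if source == "auth":
        ts, result, src, dst = AUTH_RE.match(line).groups()
        return Event(int(ts), source, src, dst, result.lower())
    raise ValueError(f"unknown source {source}")


def similarity_clusters(events, window=300):
    """Similarity-based correlation: events belong together when they share the
    (src_ip, dst_ip) pair and occur within `window` seconds of the cluster start."""
    clusters = []
    for ev in sorted(events, key=lambda e: e.ts):
        for cl in clusters:
            same_pair = (cl[0].src_ip, cl[0].dst_ip) == (ev.src_ip, ev.dst_ip)
            if same_pair and ev.ts - cl[0].ts <= window:
                cl.append(ev)
                break
        else:
            clusters.append([ev])
    return clusters


# Knowledge-based rule: a multistep scenario expressed as an ordered list of kinds.
SCENARIOS = {
    "scan_then_bruteforce_success": ["port_scan", "failed_login", "login_ok"],
}


def match_scenarios(cluster):
    """Return the names of scenarios whose steps appear in order in the cluster."""
    kinds = [e.kind for e in cluster]  # clusters are built in time order
    matched = []
    for name, steps in SCENARIOS.items():
        pos = 0
        for k in kinds:
            if k == steps[pos]:
                pos += 1
                if pos == len(steps):
                    matched.append(name)
                    break
    return matched


# Constructed asset criticality (1 = low, 3 = high) used to prioritize incidents.
ASSET_CRITICALITY = {"10.0.1.20": 3, "10.0.1.30": 1}


def prioritize(clusters):
    """Score each cluster: more correlated events, a matched multistep scenario
    and a more critical target all raise the priority."""
    incidents = []
    for cl in clusters:
        scenarios = match_scenarios(cl)
        score = len(cl) * ASSET_CRITICALITY.get(cl[0].dst_ip, 1) * (5 if scenarios else 1)
        incidents.append({"src": cl[0].src_ip, "dst": cl[0].dst_ip,
                          "events": len(cl), "scenarios": scenarios, "score": score})
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


def run(raw_logs=RAW_LOGS):
    """Normalize, correlate and prioritize; returns incidents, highest score first."""
    events = [normalize(src, line) for src, line in raw_logs]
    return prioritize(similarity_clusters(events))


if __name__ == "__main__":
    for incident in run():
        print(incident)
```

Running it groups the five events against 10.0.1.20 into one incident that matches the multistep scenario and scores far above the lone firewall deny against 10.0.1.30; the similarity step needs no prior knowledge, whereas the scenario step only finds what its rule base already describes, which is exactly the trade-off the abstract's comparison criteria capture.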
How to Cite
Novikova, E., Bekeneva, Y., Shorov, A., & Fedotov, E. (2017). A Survey of Security Event Correlation Techniques for Cloud Computing Environment Security. Information and Control Systems, (5), 95-104. https://doi.org/10.15217/issn1684-8853.2017.5.95
Section: Information security