A Comprehensive Architecture for Correlation Analysis to Improve the Performance of Security Operation Center
With the growing popularity of information systems, there has been an increase in various types of threats. A Security Operations Center (SOC) is a central unit that monitors and controls an organization's traffic. The main function of the SOC is to provide effective event detection by collecting log file information from different network devices (i.e. firewall, IDS, router etc.). Correlation analysis is known to be the core and central part of the SOC, in which it correlates the security events reported by more than one network security device. In this paper, we propose a comprehensive architecture for correlation analysis that minimizes the processing time of log files and gives an effective way to implement a mathematical model for correlation using a Venn diagram approach.
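As an added illustration of the set-based (Venn) correlation idea the abstract refers to, not the paper's own model or code: events from three device types are reduced to the source addresses they report, and each address is assigned to the Venn region given by the set of devices that saw it. The log lines and the `src=` field format are constructed for this example.

```python
import re
from collections import defaultdict
from typing import Dict, FrozenSet, List, Set

# Constructed sample log lines (not from the paper), one list per device type.
DEVICE_LOGS: Dict[str, List[str]] = {
    "firewall": [
        "2015-11-01T10:00:01 fw DROP src=10.0.0.5 dst=192.168.1.10 dpt=22",
        "2015-11-01T10:00:02 fw DROP src=10.0.0.7 dst=192.168.1.10 dpt=445",
        "2015-11-01T10:00:03 fw DROP src=10.0.0.9 dst=192.168.1.20 dpt=80",
    ],
    "ids": [
        "2015-11-01T10:00:01 ids ALERT src=10.0.0.5 sig=SSH-bruteforce",
        "2015-11-01T10:00:05 ids ALERT src=10.0.0.8 sig=port-scan",
    ],
    "router": [
        "2015-11-01T10:00:01 rtr ACL-DENY src=10.0.0.5 dst=192.168.1.10",
        "2015-11-01T10:00:02 rtr ACL-DENY src=10.0.0.7 dst=192.168.1.10",
    ],
}

# Assumed field format: every event carries a "src=<IPv4>" token.
SRC_RE = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")


def extract_sources(lines: List[str]) -> Set[str]:
    """Reduce a device's events to the set of source addresses it reported."""
    return {m.group(1) for line in lines if (m := SRC_RE.search(line))}


def venn_regions(sets: Dict[str, Set[str]]) -> Dict[FrozenSet[str], Set[str]]:
    """Partition the union of all addresses into Venn regions.

    Each region is keyed by the set of devices that reported the address,
    so {"firewall","ids","router"} is the central triple intersection."""
    regions: Dict[FrozenSet[str], Set[str]] = defaultdict(set)
    for addr in set().union(*sets.values()):
        seen_by = frozenset(name for name, s in sets.items() if addr in s)
        regions[seen_by].add(addr)
    return dict(regions)


def correlate(logs: Dict[str, List[str]] = DEVICE_LOGS) -> Dict[FrozenSet[str], Set[str]]:
    return venn_regions({name: extract_sources(lines) for name, lines in logs.items()})


def prioritise(regions: Dict[FrozenSet[str], Set[str]], min_devices: int = 2) -> List[str]:
    """Addresses seen by at least min_devices sources, i.e. the overlapping regions."""
    return sorted(a for devs, addrs in regions.items() if len(devs) >= min_devices for a in addrs)
```

Addresses that fall in an overlapping region were independently observed by several devices, which is the kind of corroboration an analyst would triage first; single-device regions remain visible but lower in priority.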
Keywords: SEC, SOC, Event correlation
The authors are thankful to the Sardar Patel Institute of Technology, India for providing the necessary facilities for carrying out this work.