Title |
---|
A Practical Experience on Evaluating Intrusion Prevention System Event Data as Indicators of Security Issues |

Abstract |
---|
There are currently no generally accepted metrics for information security issues. One reason is the lack of validation using empirical data. In this practical experience report, we investigate whether metrics obtained from security devices used to monitor network traffic can be employed as indicators of security incidents. If so, security experts can use this information to better define priorities on security inspection and also to develop new rules for incident prevention. The metrics we investigate are derived from intrusion detection and prevention system (IDPS) alert events. We performed an empirical case study using IDPS data provided by a large organization of about 40,000 computers. The results indicate that characteristics of alerts can be used to depict trends in some security issues and consequently serve as indicators of security performance. |

Year | DOI | Venue |
---|---|---|
2015 | 10.1109/SRDS.2015.17 | IEEE International Symposium on Reliable Distributed Systems |

Keywords | Field | DocType |
---|---|---|
network and security management,security metrics,empirical study,security incidents,intrusion detection and prevention systems | Security testing,Asset (computer security),Computer science,Computer security,Information security,Security service,Cloud computing security,Security information and event management,Information security audit,Security management | Conference |

ISSN | Citations | PageRank |
---|---|---|
1060-9857 | 1 | 0.36 |

References | Authors |
---|---|
19 | 4 |

Name | Order | Citations | PageRank |
---|---|---|---|
Rodrigo Sanches Miani | 1 | 77 | 11.20 |
Bruno Bogaz Zarpelão | 2 | 98 | 10.59 |
Bertrand Sobesto | 3 | 12 | 2.71 |
Michel Cukier | 4 | 668 | 54.60 |