POSITIVE HACK DAYS

Using the event types relationship graph for data correlation in SIEM systems

Authors: Andrey Fedorchenko, Andrey Chechulin, and Igor Kotenko

The talk will focus on correlation-related research for SIEM systems based on the structural analysis of security event types. The speakers present an approach to automated analysis that treats security events as input data with dynamic content. For this analysis, a graph of event types with direct and indirect relationships between them is proposed. Handling of input security data involves functional and behavioral analysis, performed by calculating the frequency-time characteristics of events, classifying events by severity, and building behavior patterns. The suggested approach makes it possible to use rank correlation along with other intelligent techniques. Requirements for the normalization of source data are also stated. The speakers will demonstrate an analysis of a security event log and the event type relationship graph resulting from it.
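As an added illustration of the idea summarized above (not the authors' code or their actual method), the following Python sketch derives direct and indirect relations between event types from a constructed log: a direct relation when one event type follows another on the same host within a time window, with the occurrence count kept as a frequency weight, and an indirect relation when a chain of direct relations links two types that have no direct edge. The log format, the per-host grouping and the window size are assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed sample log (not from the talk): (timestamp in seconds, host, event type).
SAMPLE_LOG = [
    (0, "srv1", "login_failed"), (5, "srv1", "login_failed"),
    (9, "srv1", "login_ok"), (12, "srv1", "priv_escalation"),
    (60, "srv2", "login_failed"), (63, "srv2", "login_ok"),
    (70, "srv2", "priv_escalation"), (120, "srv3", "login_ok"),
    (200, "srv1", "scan_detected"),
]

def direct_relations(log, window):
    """Direct relation A -> B: an event of type B follows an event of type A on the
    same host within `window` seconds. The count is the edge weight (frequency)."""
    edges = Counter()
    by_host = defaultdict(list)
    for ts, host, etype in sorted(log):
        by_host[host].append((ts, etype))
    for events in by_host.values():
        for i, (t1, a) in enumerate(events):
            for t2, b in events[i + 1:]:
                if t2 - t1 > window:
                    break  # events are time-sorted, so nothing later fits the window
                if a != b:
                    edges[(a, b)] += 1
    return edges

def indirect_relations(edges):
    """Indirect relation A ~> B: B is reachable from A through a chain of direct
    relations, but there is no direct edge A -> B."""
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
    indirect = set()
    for start in list(adj):
        seen, stack = set(), list(adj[start])
        while stack:  # depth-first reachability from `start`
            node = stack.pop()
            if node not in seen:
                seen.add(node)
                stack.extend(adj[node])
        indirect.update((start, n) for n in seen if n != start and (start, n) not in edges)
    return indirect

def event_type_graph(log, window=5):
    """Return (weighted direct edges, indirect relations) for the given log."""
    direct = direct_relations(log, window)
    return direct, indirect_relations(direct)
```

Calling `event_type_graph(SAMPLE_LOG)` yields the direct edges login_failed -> login_ok (weight 2) and login_ok -> priv_escalation (weight 1), plus the indirect relation login_failed ~> priv_escalation; widening the window to 10 seconds turns that indirect relation into a direct edge.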

Language: Russian

Andrey Fedorchenko
Junior research associate at the Laboratory of Computer Security Problems (Saint-Petersburg Institute for Informatics and Automation). Engaged in research in the field of event correlation and information security in SIEM systems. Finalist of the Young School competition held at PHDays V.

Andrey Chechulin
Senior research associate at the Laboratory of Computer Security Problems (Saint-Petersburg Institute for Informatics and Automation). Participant in several Russian and international projects dedicated to various aspects of information security. Was involved in the development of a course on computer forensics at the Federal Criminal Police Office of Germany, the development of systems for analytical modeling of attacks within the 7th European Framework Programme (FP7), and the development of visualization systems for projects of the Federal Targeted Program of the Russian Federation. Spoke at a number of national and international conferences on computer security.

Igor Kotenko
Head of the Laboratory of Computer Security Problems (Saint-Petersburg Institute for Informatics and Automation). Participated in a variety of projects to develop new technologies for information security (project management for the Federal Target Program of the Russian Federation, the Russian Science Foundation, the Russian Foundation for Basic Research, the European Framework Programmes FP6 and FP7, projects commissioned by HP, Intel, and F-Secure). Speaker at a number of conferences on computer security.
