Closing the loop of SIEM analysis to Secure Critical Infrastructures
Alessia Garofalo, Cesario Di Sarno, Ilaria Matteucci, Marco Vallini, Valerio Formicola

TL;DR
This paper presents an advanced SIEM system designed to improve critical infrastructure security by enabling multi-layer analysis, conflict resolution, unauthorized path detection, and resilient event storage.
Contribution
It introduces novel components for layered analysis, policy conflict resolution, and secure event storage, enhancing SIEM capabilities for critical infrastructure protection.
Findings
Enhanced detection of security policy conflicts
Ability to reconfigure network devices dynamically
Ensured integrity and unforgeability of stored events
Abstract
Critical Infrastructure Protection is one of the main challenges of recent years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple-layer data analysis; ii) resolve conflicts among security policies and discover unauthorized data paths, so as to be able to reconfigure network devices. Furthermore, the system is enriched by a Resilient Event Storage that ensures the integrity and unforgeability of stored events.
Taxonomy
Topics: Network Security and Intrusion Detection · Software System Performance and Reliability · Network Packet Processing and Optimization
