A. V. Fedorchenko, D. S. Levshun, A. A. Chechulin, I. V. Kotenko, “An analysis of security event correlation techniques in SIEM-systems. Part 2”, Tr. SPIIRAN, 2016, Issue 49,Pages <nobr>208

This article is cited in 4 papers

Information Security

An analysis of security event correlation techniques in SIEM-systems. Part 2

A. V. Fedorchenko, D. S. Levshun, A. A. Chechulin, I. V. Kotenko

St. Petersburg Institute for Informatics and Automation of the Russian Academy of Science (SPIIRAS)

Abstract: The paper proceeds research of the security event correlation methods in Security Information and Event Management (SIEM) systems. In this part we consider correlation methods of information security events that can be applied during separate correlation stages described in the previous paper. Classification of the considered correlation methods and analysis of their advantages and disadvantages are provided. The effectiveness of using these methods at different stages of the correlation process is evaluated.

Keywords: data correlation techniques; security event; security event analysis; computer network security evaluation systems; SIEM-systems.

UDC: 004.056.53

DOI: 10.15622/sp.49.11