Evaluation of Security Information and Event Management Systems for Custom Security Visualization Generation

2018-12-04
Sonmez, Ferda Ozdemir
Günel Kılıç, Banu
Security Information and Event Management (SIEM) systems are generally very complex systems encapsulating a large number of functions with different behaviors. Visualization is a common way of presenting data in these systems, along with other presentation methods such as reporting, alerting, and text messaging. However, generating a visualization involves several steps. If the data is in a custom format, rather than a predefined format that follows either a standard or a known file structure, generating custom visualizations may not be straightforward. Evaluation information about the custom visualization generation capabilities of these tools may be useful for better decision making. This information can be used when designing visualizations with SIEM systems or when purchasing the most useful SIEM system for an organization. In this study, six well-known SIEM systems are evaluated through a common scenario created by the authors to check their custom visualization generation capabilities. The contributions include this unique scenario and the advantages and disadvantages regarding the various steps of the provided scenario, along with the difficulties experienced by the authors during the installation and configuration of these SIEM systems.
International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT)

Citation Formats
F. O. Sonmez and B. Günel Kılıç, “Evaluation of Security Information and Event Management Systems for Custom Security Visualization Generation,” presented at the International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT), Ankara, TURKEY, 2018, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/55643.