Topic: Log mining for security breaches identification.
The growth of unstructured messages generated by computer systems and applications in modern computing environments poses a significant challenge in managing and using the information contained in the messages. Although these data contain a wealth of information that is useful for advanced threat detection, their high volume, variety, and complexity make them difficult to analyze, even for well-trained security analysts. While conventional Security Information and Event Management (SIEM) systems provide some capability to collect, correlate, and detect certain events from structured messages, their rule-based correlation and detection algorithms fall short in utilizing the information within the unstructured messages.
The objective of this project is to investigate existing methods for mining unstructured logs to extract and characterize security threats. A PoC would demonstrate the existing methods and techniques available.
1. The research SHOULD include figures of processes, methodologies, and investigation applications. It should be from 3000 to 3500 words maximum. There should be no fewer than 9 references.
2. The research SHOULD be in IEEE formatting with the proper styles.
3. The paper is between 6 pages and 8 pages (single spaced lines, font size <=11).
4. Kindly update us about your progress frequently; this will help us to review the work and see the way forward.
5. The practical part was done in ImagingSteps.docx; please ensure that the research is built around it. Also, make sure to include screenshots where applicable in the research. The Experimental Procedures section in the research will include the practical part from ImagingSteps.docx.
A brief summary of the detailed research project. Please add keywords, which are important terms not known to common readers.
1. Introduce the benefits and importance of a SIEM solution. Also mention other SIEM products on the market, e.g. ArcSight, QRadar, etc.
2. Discuss the different features of the SIEM.
3. The development of SIEM solutions across the different generations and how it contributed to enhancing and changing the security industry.
4. Address the challenges and issues that might arise from using a SIEM.
5. Give examples of attacks that a SIEM can detect, how to respond to them, and automation (mention brute-force attack as one type of attack and give several).
1. Describe the most relevant prior work and their key insights.
2. Critically analyze the existing literature on investigation using a SIEM solution.
3. Discuss the pros and cons of each method found.
Experimental procedures
1. Detailed description of what we are trying to accomplish.
2. Explore the different types of alarms and how to prioritize and classify them.
3. Specify the tools you will be using in the investigation, in this case LogRhythm.
4. Explain the proper procedures followed in investigating a successful brute-force attack alarm.
5. Conclude our findings.
Conclusion and Future Work
1. Explain how a SIEM can make investigation less tedious and more efficient.
2. Summarize the key aspects of the research.
3. Suggest potential future work.
4. Opinion on the research carried out
References will be taken based on the readings found. Please provide 9 or more references, no fewer.