Smart SIEM: From Big Data Logs and Events to Smart Data Alerts
Mohammed EL Arass (1), Nissrine Souissi (2)
(1) Mohammed EL ARASS, Mohammed V University in Rabat, EMI-SIWEB Team, Rabat, Morocco.
(2) Nissrine SOUISSI, Mohammed V University in Rabat, EMI-SIWEB Team, Rabat, Morocco.
Manuscript received on 02 June 2019 | Revised Manuscript received on 10 June 2019 | Manuscript published on 30 June 2019 | PP: 3186-3191 | Volume-8 Issue-8, June 2019 | Retrieval Number: H7327068819/19©BEIESP
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Cyber defense has become a recurrent, and increasingly mandatory, requirement for any organization that operates an Information System. In this context, a SIEM is the most suitable system for detecting malicious activity. However, current classical SIEMs neglect Big Data issues. To fill this gap, this paper proposes a new-generation open source SIEM, named Smart SIEM, built on the ELK Big Data platform (Elasticsearch, Logstash and Kibana) integrated with intrusion detection and load-balancing tools. The features of the proposed system were tested in a virtual environment composed of several Windows and Linux devices to observe how it behaves against some of the best-known attack scenarios in the literature, and the results were challenging. The proposed prototype was also compared to the most advanced SIEM, QRadar, and to another new-generation SIEM from the research literature.
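As an added illustration of the log-to-alert step that a SIEM of the kind described performs (this is example code written for this page, not the paper's Smart SIEM prototype or any ELK component), the following Python rule normalizes Windows Security log and Linux sshd logon events into one schema and raises an alert when a single source IP accumulates five failed logons within a 60-second sliding window, across both platforms. The log lines, hostnames, addresses, threshold and window are all constructed assumptions for the example.

```python
"""
Added example (not from the paper): a minimal SIEM-style correlation rule.
Heterogeneous raw events are normalized to one schema, then a sliding-window
rule turns bursts of failed logons from one source IP into a single alert.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real captured logs). Windows lines mimic an
# exported Security log (Event ID 4625 = failed logon, 4624 = success);
# Linux lines mimic sshd entries as found in /var/log/auth.log.
SAMPLE_LOGS = """\
2019-06-02T10:00:01 WIN-SRV1 EventID=4625 TargetUserName=admin IpAddress=203.0.113.7
2019-06-02T10:00:03 WIN-SRV1 EventID=4625 TargetUserName=admin IpAddress=203.0.113.7
Jun  2 10:00:05 lnx-web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jun  2 10:00:06 lnx-web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51023 ssh2
2019-06-02T10:00:08 WIN-SRV1 EventID=4625 TargetUserName=backup IpAddress=203.0.113.7
Jun  2 10:00:09 lnx-web1 sshd[2214]: Accepted password for deploy from 198.51.100.4 port 40110 ssh2
2019-06-02T10:05:00 WIN-SRV1 EventID=4625 TargetUserName=admin IpAddress=198.51.100.4
"""

WIN_RE = re.compile(r"^(\S+) (\S+) EventID=(\d+) TargetUserName=(\S+) IpAddress=(\S+)$")
SSH_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Failed|Accepted) password "
    r"for (\S+) from (\S+) port \d+"
)
SYSLOG_YEAR = 2019  # assumption: syslog lines carry no year, so one is supplied


def parse_event(line):
    """Map one raw line to the common schema, or return None if unrecognized."""
    m = WIN_RE.match(line)
    if m:
        ts, host, event_id, user, ip = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
                "src_ip": ip, "source": "windows",
                "outcome": "failure" if event_id == "4625" else "success"}
    m = SSH_RE.match(line)
    if m:
        ts, host, verb, user, ip = m.groups()
        ts = datetime.strptime(f"{SYSLOG_YEAR} " + " ".join(ts.split()),
                               "%Y %b %d %H:%M:%S")
        return {"ts": ts, "host": host, "user": user, "src_ip": ip,
                "source": "linux",
                "outcome": "failure" if verb == "Failed" else "success"}
    return None


def correlate(lines, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per burst of >= threshold failed logons from one IP
    inside the sliding window. Events are sorted by time first, as a SIEM
    ingesting from several hosts must do before correlating."""
    events = [ev for ev in map(parse_event, lines) if ev is not None]
    events.sort(key=lambda ev: ev["ts"])
    recent = defaultdict(deque)  # src_ip -> failed events still inside window
    alerts = []
    for ev in events:
        if ev["outcome"] != "failure":
            continue
        q = recent[ev["src_ip"]]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold:
            alerts.append({
                "rule": "brute_force_logon",
                "src_ip": ev["src_ip"],
                "count": len(q),
                "first_seen": q[0]["ts"].isoformat(),
                "last_seen": ev["ts"].isoformat(),
                "hosts": sorted({e["host"] for e in q}),
                "users": sorted({e["user"] for e in q}),
            })
            q.clear()  # one alert per burst, not one per additional failure
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS.splitlines()):
        print(alert)
```

In an ELK deployment the same two steps are split across components: the normalization is a Logstash grok filter writing a common field set into Elasticsearch, and the threshold rule is an aggregation query run on a schedule against that index; the point the example makes is that the cross-platform correlation only works once both log formats share the one schema.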
Keywords: Big Data, Cybersecurity, Data LifeCycle (DLC), Smart DLC, Elasticsearch, Logstash and Kibana (ELK), Security Information and Event Management (SIEM).
Scope of the Article: Big Data Analytics and Business Intelligence.