Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT
1 recurso en línea (páginas 21-29).
| Main Authors: | , , , , , |
|---|---|
| Format: | Artículo de revista |
| Language: | eng |
| Published: |
Universidad Pedagógica y Tecnológica de Colombia
2018
|
| Subjects: | |
| Online Access: | http://repositorio.uptc.edu.co/handle/001/2168 |
| _version_ | 1801705886494752768 |
|---|---|
| author | Reyes Mena, Francisco Xavier Fuertes Díaz, Walter Marcelo Guzmán Jaramillo, Carlos Enrique Pérez Estévez, Ernesto Bernal Barzallo, Paúl Fernando Villacís Silva, César Javier |
| author_facet | Reyes Mena, Francisco Xavier Fuertes Díaz, Walter Marcelo Guzmán Jaramillo, Carlos Enrique Pérez Estévez, Ernesto Bernal Barzallo, Paúl Fernando Villacís Silva, César Javier |
| author_sort | Reyes Mena, Francisco Xavier |
| collection | DSpace |
| description | 1 recurso en línea (páginas 21-29). |
| format | Artículo de revista |
| id | repositorio.uptc.edu.co-001-2168 |
| institution | Repositorio Institucional UPTC |
| language | eng |
| publishDate | 2018 |
| publisher | Universidad Pedagógica y Tecnológica de Colombia |
| record_format | dspace |
| spelling | repositorio.uptc.edu.co-001-21682021-02-10T18:57:24Z Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT Aplicación de Inteligencia de Negocios para el análisis de vulnerabilidades en pro de incrementar el nivel de seguridad en un CSIRT académico Aplicação de Inteligência de Negócios para a análise de vulnerabilidades em prol de incrementar o nível de segurança em um CSIRT acadêmico Reyes Mena, Francisco Xavier Fuertes Díaz, Walter Marcelo Guzmán Jaramillo, Carlos Enrique Pérez Estévez, Ernesto Bernal Barzallo, Paúl Fernando Villacís Silva, César Javier Computer engineering Computer security Data structures (Computer science) Business intelligence Cybersecurity Decision making Early alerts Electronic data processing ETL Vulnerability analysis 1 recurso en línea (páginas 21-29). This study aimed at designing a potential solution through Business Intelligence for acquiring data and information from a wide variety of sources and utilizing them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). This study was developed in a CSIRT that gathers a variety of Ecuadorian universities. We applied the Action-Research methodology with a qualitative approach, divided into three phases: First, we qualitatively evaluated two intrusion detection analysis tools (Passive Scanner and Snort) to verify their advantages and their ability to be exclusive or complementary; simultaneously, these tools recorded the real-time logs of the incidents in a MySQL related database. Second, we applied the Ralph Kimball’s methodology to develop several routines that allowed applying the “Extract, Transform, and Load” process of the non-normalized logs that were subsequently processed by a graphical user interface. Third, we built a software application using Scrum to connect the obtained logs to the Pentaho BI tool, and thus, generate early alerts as a strategic factor. The results demonstrate the functionality of the designed solution, which generates early alerts, and consequently, increases the security level of the CSIRT members. Esta pesquisa teve como objetivo desenhar uma solução para a tomada de decisões mediante Inteligência de Negócios, que permite adquirir dados e informação de uma ampla variedade de fontes e utilizá-los na tomada de decisões na análise de vulnerabilidades de um equipamento de resposta ante incidentes informáticos (CSIRT). Este estudo tem se desenvolvido em um CSIRT Acadêmico que agrupa várias universidades embros do Equador. Para realizá-lo, aplicou-se a metodologia de Pesquisa-Ação com um enfoque qualitativo, dividido em três fases: Primeira, realizou-se uma avaliação comparativa de duas ferramentas de análise de intrusos: Pasive Vulnerability Scanner e Snort, que são utilizadas pelo CSIRT, para verificar seus benefícios e se são excludentes ou complementários; imediatamente são guardados os logs em tempo real dos incidentes registrados por ditas ferramentas em uma base de dados relacional MySQL. Segunda, aplicou-se a metodologia de Ralph Kimball para o desenvolvimento de várias rotinas que permitam aplicar o processo “Extrair, Transformar e Carregar” dos logs não normalizados, que logo seriam processados por uma interface gráfica. Terceira, construiu-se uma aplicação de software mediante a metodologia Ágil Scrum, que realize uma análise inteligente com os logs obtidos mediante a ferramenta Pentaho BI, com o propósito de gerar alertas precoces como um fator estratégico. Os resultados mostram a funcionalidade desta solução que tem gerado alertas precoces e que, em consequência, tem incrementado o nível de segurança das universidades embros do CSIRT acadêmico. Esta investigación tuvo como objetivo diseñar una solución para la toma de decisiones mediante Inteligencia de Negocios, que permite adquirir datos e información de una amplia variedad de fuentes y utilizarlos en la toma de decisiones en el análisis de vulnerabilidades de un equipo de respuesta ante incidentes informáticos (CSIRT). Este estudio se ha desarrollado en un CSIRT Académico que agrupa varias universidades miembros del Ecuador. Para llevarlo a cabo se aplicó la metodología de Investigación-Acción con un enfoque cualitativo, dividido en tres fases: Primera, se realizó una evaluación comparativa de dos herramientas de análisis de intrusos: Passive Vulnerability Scanner y Snort, que son utilizadas por el CSIRT, para verificar sus bondades y verificar si son excluyentes o complementarias; enseguida se han guardado los logs en tiempo real de los incidentes registrados por dichas herramientas en una base de datos relacional MySQL. Segunda, se aplicó la metodología de Ralph Kimball para el desarrollo de varias rutinas que permitan aplicar el proceso “Extraer, Transformar y Cargar” de los logs no normalizados, que luego serían procesados por una interfaz gráfica. Tercera, se construyó una aplicación de software mediante la metodología Ágil Scrum, que realice un análisis inteligente con los logs obtenidos mediante la herramienta Pentaho BI, con el propósito de generar alertas tempranas como un factor estratégico. Los resultados muestran la funcionalidad de esta solución que ha generado alertas tempranas y que, en consecuencia, ha incrementado el nivel de seguridad de las universidades miembros del CSIRT académico. Bibliografía: página 29. 2018-09-10T15:53:48Z 2018-09-10T15:53:48Z 2018-01-15 Artículo de revista http://purl.org/coar/resource_type/c_6501 info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion Text https://purl.org/redcol/resource_type/ART http://purl.org/coar/version/c_970fb48d4fbd8a85 Reyes Mena, F. X. y otros. (2018). Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT. Revista Facultad de Ingeniería, 27(47), 21-29. https://doi.org/10.19053/01211129.v27.n47.2018.7747. http://repositorio.uptc.edu.co/handle/001/2168 2357-5328 http://repositorio.uptc.edu.co/handle/001/2168 10.19053/01211129.v27.n47.2018.7747 eng M. Letho, “Cyber Security Education and Research in the Finland’s Universities and Universities of Applied Sciences,” International Journal of Cyber Warfare and Terrorism (IJCWT), vol. 6(2), pp. 15-31, Apr. 2016. DOI: http://doi.org/10.4018/ IJCWT.2016040102. P. Cichonski, T. Millar, T. Grance, and K. Scarfone, “Computer security incident handling guide,” NIST Special Publication 800-61, 2012 M. West-Brown, et al. “Handbook for computer security incident response teams (CSIRTS),” No. CMU/SEI-2003-HB-002. Carnegie-Mellon Univ Pittsburgh PA software engineering institute, 2003. P. Coughlan, and D. Coghlan, “Action research for operations management,” International journal of operations & production management, vol. 22(2), pp. 220-240, 2002. DOI: http://doi. org/10.1108/01443570210417515 R. Bouman, and J. V. Dongen. Pentaho solutions: Business Intelligence and Data warehousing with Pentaho and MySQL. Wiley Publishing, 2009. The kimball group reader: Relentlessly practical tools for data warehousing and BI remastered collection. John Wiley & Sons, 2015. DOI: http://doi. org/10.1002/9781119228912. P. Valladares, W. Fuertes, F. Tapia, T. Toulkeridis, and E. Pérez, “Dimensional data model for early alerts of malicious activities in a CSIRT,” in International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), Seattle, 2017. DOI: http://doi.org/10.23919/ SPECTS.2017.8046771. R. Gaddam, and M. Nandhini, “An analysis of various snort based techniques to detect and prevent intrusions in networks proposal with code refactoring snort tool in Kali Linux environment,” in International Conference on Inventive Communication and Computational Technologies (ICICCT), Coimbatore, 2017. DOI: http://doi. org/10.1109/ICICCT.2017.7975177. S. Dongkyun, and K. Lee, “Comparing security vulnerability by operating system environment,” International Journal of Services Technology and Management, vol. 23 (1-2), pp. 154-164, 2017. H. Elshoush, and I. Osman, “An improved framework for intrusion alert correlation,” Proceedings of the World Congress on Engineering, vol. 1, 2012. R. Kimball, and R. Margy, The data warehouse toolkit: The definitive guide to dimensional modelling. John Wiley & Sons, 2013. I. Sharafaldin, et al., “Towards a Reliable Intrusion Detection Benchmark Dataset,” Software Networking, vol. 1 (1), pp. 177-200, 2017. DOI: http://doi.org/10.13052/jsn2445-9739.2017.009. J.L Pereira, and M. Costa, “Decision Support in Big Data Contexts: A Business Intelligence Solution,” New Advances in Information Systems and Technologies, vol. 444, pp. 983-992, 2016. DOI: http://doi.org/10.1007/978-3-319-31232-3_93. S. Few, “Information Dashboard Design. The Effective Visual Communication of Data,” NY: O’Reilly, 2006. M. S. Gounder, V. V. Iyer, and A. A. Mazyad, “A survey on business intelligence tools for university dashboard development,” in 3rd MEC International Conference on Big Data and Smart City (ICBDSC), Muscat, 2016. DOI: http://doi.org/10.1109/ ICBDSC.2016.7460347. J. Pajares, et al., “Project Management Methodologies in the Fourth Technological Revolution,” Advances in Management Engineering. Springer International Publishing, pp. 121-144, 2017. DOI: http://doi. org/10.1007/978-3-319-55889-9_7. R. O’Connor, V. Elger, and P. Clarke. “Continuous software engineering—A micro services architecture perspective,” Journal of Software: Evolution and Process, vol. 29 (11), pp. e1866, Nov. 2017. DOI: http://doi.org/10.1002/smr.1866. Revista Facultad de Ingeniería;Volumen 27, número 47 (Enero-Abril 2018) Copyright (c) 2018 Universidad Pedagógica y Tecnológica de Colombia https://creativecommons.org/licenses/by-nc/4.0/ info:eu-repo/semantics/openAccess Atribución-NoComercial 4.0 Internacional (CC BY-NC 4.0) http://purl.org/coar/access_right/c_abf2 application/pdf application/pdf Universidad Pedagógica y Tecnológica de Colombia https://revistas.uptc.edu.co/index.php/ingenieria/article/view/7747/6137 |
| spellingShingle | Computer engineering Computer security Data structures (Computer science) Business intelligence Cybersecurity Decision making Early alerts Electronic data processing ETL Vulnerability analysis Reyes Mena, Francisco Xavier Fuertes Díaz, Walter Marcelo Guzmán Jaramillo, Carlos Enrique Pérez Estévez, Ernesto Bernal Barzallo, Paúl Fernando Villacís Silva, César Javier Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT |
| title | Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT |
| title_full | Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT |
| title_fullStr | Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT |
| title_full_unstemmed | Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT |
| title_short | Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT |
| title_sort | application of business intelligence for analyzing vulnerabilities to increase the security level in an academic csirt |
| topic | Computer engineering Computer security Data structures (Computer science) Business intelligence Cybersecurity Decision making Early alerts Electronic data processing ETL Vulnerability analysis |
| url | http://repositorio.uptc.edu.co/handle/001/2168 |
| work_keys_str_mv | AT reyesmenafranciscoxavier applicationofbusinessintelligenceforanalyzingvulnerabilitiestoincreasethesecuritylevelinanacademiccsirt AT fuertesdiazwaltermarcelo applicationofbusinessintelligenceforanalyzingvulnerabilitiestoincreasethesecuritylevelinanacademiccsirt AT guzmanjaramillocarlosenrique applicationofbusinessintelligenceforanalyzingvulnerabilitiestoincreasethesecuritylevelinanacademiccsirt AT perezestevezernesto applicationofbusinessintelligenceforanalyzingvulnerabilitiestoincreasethesecuritylevelinanacademiccsirt AT bernalbarzallopaulfernando applicationofbusinessintelligenceforanalyzingvulnerabilitiestoincreasethesecuritylevelinanacademiccsirt AT villacissilvacesarjavier applicationofbusinessintelligenceforanalyzingvulnerabilitiestoincreasethesecuritylevelinanacademiccsirt AT reyesmenafranciscoxavier aplicaciondeinteligenciadenegociosparaelanalisisdevulnerabilidadesenprodeincrementarelniveldeseguridadenuncsirtacademico AT fuertesdiazwaltermarcelo aplicaciondeinteligenciadenegociosparaelanalisisdevulnerabilidadesenprodeincrementarelniveldeseguridadenuncsirtacademico AT guzmanjaramillocarlosenrique aplicaciondeinteligenciadenegociosparaelanalisisdevulnerabilidadesenprodeincrementarelniveldeseguridadenuncsirtacademico AT perezestevezernesto aplicaciondeinteligenciadenegociosparaelanalisisdevulnerabilidadesenprodeincrementarelniveldeseguridadenuncsirtacademico AT bernalbarzallopaulfernando aplicaciondeinteligenciadenegociosparaelanalisisdevulnerabilidadesenprodeincrementarelniveldeseguridadenuncsirtacademico AT villacissilvacesarjavier aplicaciondeinteligenciadenegociosparaelanalisisdevulnerabilidadesenprodeincrementarelniveldeseguridadenuncsirtacademico AT reyesmenafranciscoxavier aplicacaodeinteligenciadenegociosparaaanalisedevulnerabilidadesemproldeincrementaroniveldesegurancaemumcsirtacademico AT fuertesdiazwaltermarcelo aplicacaodeinteligenciadenegociosparaaanalisedevulnerabilidadesemproldeincrementaroniveldesegurancaemumcsirtacademico AT guzmanjaramillocarlosenrique aplicacaodeinteligenciadenegociosparaaanalisedevulnerabilidadesemproldeincrementaroniveldesegurancaemumcsirtacademico AT perezestevezernesto aplicacaodeinteligenciadenegociosparaaanalisedevulnerabilidadesemproldeincrementaroniveldesegurancaemumcsirtacademico AT bernalbarzallopaulfernando aplicacaodeinteligenciadenegociosparaaanalisedevulnerabilidadesemproldeincrementaroniveldesegurancaemumcsirtacademico AT villacissilvacesarjavier aplicacaodeinteligenciadenegociosparaaanalisedevulnerabilidadesemproldeincrementaroniveldesegurancaemumcsirtacademico |
