Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT
DOI: https://doi.org/10.19053/01211129.v27.n47.2018.7747

Keywords: business intelligence, cybersecurity, decision making, early alerts, electronic data processing, ETL, vulnerability analysis

Abstract

This study aimed at designing a potential solution, based on Business Intelligence, for acquiring data and information from a wide variety of sources and using them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). The study was developed in a CSIRT that gathers a variety of Ecuadorian universities. We applied the Action-Research methodology with a qualitative approach, divided into three phases. First, we qualitatively evaluated two intrusion detection analysis tools (Passive Scanner and Snort) to verify their advantages and whether they are mutually exclusive or complementary; simultaneously, these tools recorded the real-time logs of the incidents in a MySQL relational database. Second, we applied Ralph Kimball's methodology to develop several routines that apply the "Extract, Transform, and Load" (ETL) process to the non-normalized logs, which were subsequently processed through a graphical user interface. Third, we built a software application using Scrum to connect the obtained logs to the Pentaho BI tool and thus generate early alerts as a strategic factor. The results demonstrate the functionality of the designed solution, which generates early alerts and consequently increases the security level of the CSIRT members.
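The pipeline the abstract sketches, raw IDS alerts extracted from a log, transformed, loaded into a Kimball-style star schema (fact table plus dimensions) and then queried for early alerts, as an added example that is not the paper's own code. It assumes SQLite in place of the MySQL database the study used, constructed Snort "fast"-format alert lines as input, and a hypothetical repeat-count rule (same signature from the same source host inside a short time window) as the early-alert criterion; none of these are described in the paper.

```python
import re
import sqlite3

# Constructed sample alerts in Snort "fast" output format (not taken from the paper).
SAMPLE_ALERTS = """\
01/12-10:00:01.000000  [**] [1:1000001:1] CONSTRUCTED scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40001 -> 198.51.100.5:22
01/12-10:00:02.000000  [**] [1:1000001:1] CONSTRUCTED scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40002 -> 198.51.100.5:23
01/12-10:00:03.000000  [**] [1:1000001:1] CONSTRUCTED scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40003 -> 198.51.100.5:80
01/12-10:00:04.000000  [**] [1:1000002:1] CONSTRUCTED web request anomaly [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.44:51000 -> 198.51.100.7:443
01/12-10:05:00.000000  [**] [1:1000001:1] CONSTRUCTED scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40004 -> 198.51.100.9:22
"""

# One regex for the non-normalized "fast" alert line; unparseable lines are skipped at load time.
ALERT_RE = re.compile(
    r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Minimal star schema: one fact row per alert, surrogate keys into three dimensions.
SCHEMA = """
CREATE TABLE dim_signature (sig_key INTEGER PRIMARY KEY, gid INT, sid INT, rev INT,
                            msg TEXT, classification TEXT, UNIQUE (gid, sid, rev));
CREATE TABLE dim_host (host_key INTEGER PRIMARY KEY, ip TEXT UNIQUE);
CREATE TABLE dim_time (time_key INTEGER PRIMARY KEY, month INT, day INT, hour INT, minute INT,
                       UNIQUE (month, day, hour, minute));
CREATE TABLE fact_alert (sig_key INT, src_key INT, dst_key INT, time_key INT,
                         priority INT, proto TEXT, dport INT);
"""


def parse_alert(line):
    """Extract step: turn one raw log line into a flat record, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    hh, mm, ss = d["time"].split(":")
    return {
        "month": int(d["mon"]), "day": int(d["day"]),
        "hour": int(hh), "minute": int(mm), "second": int(ss),
        "gid": int(d["gid"]), "sid": int(d["sid"]), "rev": int(d["rev"]),
        "msg": d["msg"], "classification": d["cls"] or "unclassified",
        "priority": int(d["prio"]), "proto": d["proto"],
        "src": d["src"], "dst": d["dst"],
        "dport": int(d["dport"]) if d["dport"] else None,
    }


def build_warehouse(raw_text, db_path=":memory:"):
    """Transform + Load: parse every line and populate the star schema (SQLite stands in for MySQL)."""
    conn = sqlite3.connect(db_path)
    cur = conn.cursor()
    cur.executescript(SCHEMA)
    for line in raw_text.splitlines():
        r = parse_alert(line)
        if r is None:
            continue  # malformed line: skipped rather than loaded as garbage
        cur.execute("INSERT OR IGNORE INTO dim_signature (gid, sid, rev, msg, classification) VALUES (?,?,?,?,?)",
                    (r["gid"], r["sid"], r["rev"], r["msg"], r["classification"]))
        sig_key = cur.execute("SELECT sig_key FROM dim_signature WHERE gid=? AND sid=? AND rev=?",
                              (r["gid"], r["sid"], r["rev"])).fetchone()[0]
        host_keys = {}
        for ip in (r["src"], r["dst"]):
            cur.execute("INSERT OR IGNORE INTO dim_host (ip) VALUES (?)", (ip,))
            host_keys[ip] = cur.execute("SELECT host_key FROM dim_host WHERE ip=?", (ip,)).fetchone()[0]
        cur.execute("INSERT OR IGNORE INTO dim_time (month, day, hour, minute) VALUES (?,?,?,?)",
                    (r["month"], r["day"], r["hour"], r["minute"]))
        time_key = cur.execute("SELECT time_key FROM dim_time WHERE month=? AND day=? AND hour=? AND minute=?",
                               (r["month"], r["day"], r["hour"], r["minute"])).fetchone()[0]
        cur.execute("INSERT INTO fact_alert VALUES (?,?,?,?,?,?,?)",
                    (sig_key, host_keys[r["src"]], host_keys[r["dst"]], time_key,
                     r["priority"], r["proto"], r["dport"]))
    conn.commit()
    return conn


def early_alerts(conn, threshold=3, window_minutes=5):
    """Hypothetical early-alert rule: the same signature from the same source host seen
    `threshold` or more times inside one `window_minutes` bucket. Returns (src_ip, msg, hits)."""
    return conn.execute("""
        SELECT ip, msg, COUNT(*) AS hits FROM (
            SELECT h.ip AS ip, s.sig_key AS sk, s.msg AS msg, t.month AS m, t.day AS d,
                   (t.hour * 60 + t.minute) / ? AS bucket
            FROM fact_alert f
            JOIN dim_host h ON h.host_key = f.src_key
            JOIN dim_signature s ON s.sig_key = f.sig_key
            JOIN dim_time t ON t.time_key = f.time_key)
        GROUP BY ip, sk, m, d, bucket
        HAVING COUNT(*) >= ?
        ORDER BY hits DESC, ip""", (window_minutes, threshold)).fetchall()


if __name__ == "__main__":
    wh = build_warehouse(SAMPLE_ALERTS)
    for src_ip, msg, hits in early_alerts(wh):
        print(f"EARLY ALERT: {src_ip} triggered '{msg}' {hits} times within one 5-minute window")
```

The dimension tables are what make the BI layer cheap to query: a dashboard tool (Pentaho in the paper's case) can slice the fact table by host, signature or time without re-parsing raw text, and the alert rule is a plain aggregate over the fact table rather than logic buried in the log parser.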
License
All articles included in the Revista Facultad de Ingeniería are published under the Creative Commons (BY) license.
Authors must complete, sign, and submit the Review and Publication Authorization Form of the manuscript provided by the Journal; this form should contain all the originality and copyright information of the manuscript.
The authors who publish in this Journal accept the following conditions:
a. The authors retain the copyright and transfer the right of the first publication to the journal, with the work registered under the Creative Commons attribution license, which allows third parties to use what is published as long as they mention the authorship of the work and the first publication in this Journal.
b. Authors can make other independent and additional contractual agreements for the non-exclusive distribution of the version of the article published in this journal (e.g., include it in an institutional repository or publish it in a book), provided they clearly indicate that the work was first published in this Journal.
c. Authors are allowed and encouraged to publish their work on the Internet (for example, on institutional or personal pages) before and during the review and publication process, as it can lead to productive exchanges and a greater and faster dissemination of the published work.
d. The Journal authorizes the total or partial reproduction of the content of the publication, as long as the source is cited, that is, the name of the Journal, name of the author(s), year, volume, publication number and pages of the article.
e. The ideas and statements issued by the authors are their responsibility and in no case bind the Journal.