Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT
Abstract
This study aimed at designing a potential solution through Business Intelligence for acquiring data and information from a wide variety of sources and utilizing them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). This study was developed in a CSIRT that gathers a variety of Ecuadorian universities. We applied the Action-Research methodology with a qualitative approach, divided into three phases: First, we qualitatively evaluated two intrusion detection analysis tools (Passive Scanner and Snort) to verify their advantages and their ability to be exclusive or complementary; simultaneously, these tools recorded the real-time logs of the incidents in a MySQL related database. Second, we applied the Ralph Kimball's methodology to develop several routines that allowed applying the "Extract, Transform, and Load" process of the non-normalized logs that were subsequently processed by a graphical user interface. Third, we built a software application using Scrum to connect the obtained logs to the Pentaho BI tool, and thus, generate early alerts as a strategic factor. The results demonstrate the functionality of the designed solution, which generates early alerts, and consequently, increases the security level of the CSIRT members.Keywords
business intelligence, cybersecurity, decision making, early alerts, electronic data processing, ETL, vulnerability analysis
References
- M. Letho, "Cyber Security Education and Research in the Finland's Universities and Universities of Applied Sciences," International Journal of Cyber Warfare and Terrorism (IJCWT), vol. 6(2), pp. 15-31, Apr. 2016. DOI: http://doi.org/10.4018/IJCWT.2016040102. DOI: https://doi.org/10.4018/IJCWT.2016040102
- P. Cichonski, T. Millar, T. Grance, and K. Scarfone, "Computer security incident handling guide," NIST Special Publication 800-61, 2012
- M. West-Brown, et al. “Handbook for computer security incident response teams (CSIRTS),” No. CMU/SEI-2003-HB-002. Carnegie-Mellon Univ Pittsburgh PA software engineering institute, 2003. DOI: https://doi.org/10.21236/ADA413778
- P. Coughlan, and D. Coghlan, "Action research for operations management," International journal of operations & production management, vol. 22(2), pp. 220-240, 2002. DOI: http://doi.org/10.1108/01443570210417515. DOI: https://doi.org/10.1108/01443570210417515
- R. Bouman, and J. V. Dongen. Pentaho solutions: Business Intelligence and Data warehousing with Pentaho and MySQL. Wiley Publishing, 2009.
- R. Kimball, M. Ross, J. Mundy, and W. Thornthwaite. The kimball group reader: Relentlessly practical tools for data warehousing and BI remastered collection. John Wiley & Sons, 2015. DOI: http://doi.org/10.1002/9781119228912. DOI: https://doi.org/10.1002/9781119228912
- P. Valladares, W. Fuertes, F. Tapia, T. Toulkeridis, and E. Pérez, "Dimensional data model for early alerts of malicious activities in a CSIRT," in International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), Seattle, 2017. DOI: http://doi.org/10.23919/SPECTS.2017.8046771. DOI: https://doi.org/10.23919/SPECTS.2017.8046771
- R. Gaddam, and M. Nandhini, "An analysis of various snort based techniques to detect and prevent intrusions in networks proposal with code refactoring snort tool in Kali Linux environment," in International Conference on Inventive Communication and Computational Technologies (ICICCT), Coimbatore, 2017. DOI: http://doi.org/10.1109/ICICCT.2017.7975177. DOI: https://doi.org/10.1109/ICICCT.2017.7975177
- S. Dongkyun, and K. Lee, "Comparing security vulnerability by operating system environment," International Journal of Services Technology and Management, vol. 23 (1-2), pp. 154-164, 2017. DOI: https://doi.org/10.1504/IJSTM.2017.081884
- H. Elshoush, and I. Osman, "An improved framework for intrusion alert correlation," Proceedings of the World Congress on Engineering, vol. 1, 2012.
- R. Kimball, and R. Margy, The data warehouse toolkit: The definitive guide to dimensional modelling. John Wiley & Sons, 2013.
- I. Sharafaldin, et al., "Towards a Reliable Intrusion Detection Benchmark Dataset," Software Networking, vol. 1 (1), pp. 177-200, 2017. DOI: http://doi.org/10.13052/jsn2445-9739.2017.009. DOI: https://doi.org/10.13052/jsn2445-9739.2017.009
- J.L Pereira, and M. Costa, "Decision Support in Big Data Contexts: A Business Intelligence Solution," New Advances in Information Systems and Technologies, vol. 444, pp. 983-992, 2016. DOI: http://doi.org/10.1007/978-3-319-31232-3_93. DOI: https://doi.org/10.1007/978-3-319-31232-3_93
- S. Few, “Information Dashboard Design. The Effective Visual Communication of Data,” NY: O'Reilly, 2006.
- M. S. Gounder, V. V. Iyer, and A. A. Mazyad, "A survey on business intelligence tools for university dashboard development," in 3rd MEC International Conference on Big Data and Smart City (ICBDSC), Muscat, 2016. DOI: http://doi.org/10.1109/ICBDSC.2016.7460347. DOI: https://doi.org/10.1109/ICBDSC.2016.7460347
- J. Pajares, et al., "Project Management Methodologies in the Fourth Technological Revolution," Advances in Management Engineering. Springer International Publishing, pp. 121-144, 2017. DOI: http://doi.org/10.1007/978-3-319-55889-9_7. DOI: https://doi.org/10.1007/978-3-319-55889-9_7
- R. O’Connor, V. Elger, and P. Clarke. "Continuous software engineering—A micro services architecture perspective," Journal of Software: Evolution and Process, vol. 29 (11), pp. e1866, Nov. 2017. DOI: http://doi.org/10.1002/smr.1866. DOI: https://doi.org/10.1002/smr.1866