Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT

Main Article Content


Francisco Xavier Reyes-Mena
Walter Marcelo Fuertes-Díaz
Carlos Enrique Guzmán-Jaramillo
Ernesto Pérez-Estévez
Paúl Fernando Bernal-Barzallo
César Javier Villacís-Silva


This study aimed at designing a potential solution through Business Intelligence for acquiring data and information from a wide variety of sources and utilizing them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). This study was developed in a CSIRT that gathers a variety of Ecuadorian universities. We applied the Action-Research methodology with a qualitative approach, divided into three phases: First, we qualitatively evaluated two intrusion detection analysis tools (Passive Scanner and Snort) to verify their advantages and their ability to be exclusive or complementary; simultaneously, these tools recorded the real-time logs of the incidents in a MySQL related database. Second, we applied the Ralph Kimball's methodology to develop several routines that allowed applying the "Extract, Transform, and Load" process of the non-normalized logs that were subsequently processed by a graphical user interface. Third, we built a software application using Scrum to connect the obtained logs to the Pentaho BI tool, and thus, generate early alerts as a strategic factor. The results demonstrate the functionality of the designed solution, which generates early alerts, and consequently, increases the security level of the CSIRT members.


Article Details


Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The journal authorizes the total or partial reproduction of the published article, as long as the source, including the name of the Journal, author(s), year, volume, issue, and pages are cited.

The ideas and assertions expressed by the authors are their solely responsibility and do not represent the views and opinions of the Journal or its editors.

All articles included in the Revista Facultad de Ingeniería are published under the Creative Commons (BY) license.

Authors must complete, sign, and submit the Review and Publication Authorization Form of the manuscript provided by the Journal; this form should contain all the originality and copyright information of the manuscript.

The authors  keep copyright, however, once the work in the Journal has been published, the authors must always allude to it.

The Journal allows and invites authors to publish their work in repositories or on their website after the presentation of the number in which the work is published with the aim of generating greater dissemination of the work.


[1] M. Letho, "Cyber Security Education and Research in the Finland's Universities and Universities of Applied Sciences," International Journal of Cyber Warfare and Terrorism (IJCWT), vol. 6(2), pp. 15-31, Apr. 2016. DOI:

[2] P. Cichonski, T. Millar, T. Grance, and K. Scarfone, "Computer security incident handling guide," NIST Special Publication 800-61, 2012

[3] M. West-Brown, et al. “Handbook for computer security incident response teams (CSIRTS),” No. CMU/SEI-2003-HB-002. Carnegie-Mellon Univ Pittsburgh PA software engineering institute, 2003.

[4] P. Coughlan, and D. Coghlan, "Action research for operations management," International journal of operations & production management, vol. 22(2), pp. 220-240, 2002. DOI:

[5] R. Bouman, and J. V. Dongen. Pentaho solutions: Business Intelligence and Data warehousing with Pentaho and MySQL. Wiley Publishing, 2009.

[6] R. Kimball, M. Ross, J. Mundy, and W. Thornthwaite. The kimball group reader: Relentlessly practical tools for data warehousing and BI remastered collection. John Wiley & Sons, 2015. DOI:

[7] P. Valladares, W. Fuertes, F. Tapia, T. Toulkeridis, and E. Pérez, "Dimensional data model for early alerts of malicious activities in a CSIRT," in International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), Seattle, 2017. DOI:

[8] R. Gaddam, and M. Nandhini, "An analysis of various snort based techniques to detect and prevent intrusions in networks proposal with code refactoring snort tool in Kali Linux environment," in International Conference on Inventive Communication and Computational Technologies (ICICCT), Coimbatore, 2017. DOI:

[9] S. Dongkyun, and K. Lee, "Comparing security vulnerability by operating system environment," International Journal of Services Technology and Management, vol. 23 (1-2), pp. 154-164, 2017.

[10] H. Elshoush, and I. Osman, "An improved framework for intrusion alert correlation," Proceedings of the World Congress on Engineering, vol. 1, 2012.

[11] R. Kimball, and R. Margy, The data warehouse toolkit: The definitive guide to dimensional modelling. John Wiley & Sons, 2013.

[12] I. Sharafaldin, et al., "Towards a Reliable Intrusion Detection Benchmark Dataset," Software Networking, vol. 1 (1), pp. 177-200, 2017. DOI:

[13] J.L Pereira, and M. Costa, "Decision Support in Big Data Contexts: A Business Intelligence Solution," New Advances in Information Systems and Technologies, vol. 444, pp. 983-992, 2016. DOI:

[14] S. Few, “Information Dashboard Design. The Effective Visual Communication of Data,” NY: O'Reilly, 2006.

[15] M. S. Gounder, V. V. Iyer, and A. A. Mazyad, "A survey on business intelligence tools for university dashboard development," in 3rd MEC International Conference on Big Data and Smart City (ICBDSC), Muscat, 2016. DOI:

[16] J. Pajares, et al., "Project Management Methodologies in the Fourth Technological Revolution," Advances in Management Engineering. Springer International Publishing, pp. 121-144, 2017. DOI:

[17] R. O’Connor, V. Elger, and P. Clarke. "Continuous software engineering—A micro services architecture perspective," Journal of Software: Evolution and Process, vol. 29 (11), pp. e1866, Nov. 2017. DOI:


Download data is not yet available.