Skip to main navigation menu Skip to main content Skip to site footer

Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT

Abstract

This study aimed at designing a potential solution through Business Intelligence for acquiring data and information from a wide variety of sources and utilizing them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). This study was developed in a CSIRT that gathers a variety of Ecuadorian universities. We applied the Action-Research methodology with a qualitative approach, divided into three phases: First, we qualitatively evaluated two intrusion detection analysis tools (Passive Scanner and Snort) to verify their advantages and their ability to be exclusive or complementary; simultaneously, these tools recorded the real-time logs of the incidents in a MySQL related database. Second, we applied the Ralph Kimball's methodology to develop several routines that allowed applying the "Extract, Transform, and Load" process of the non-normalized logs that were subsequently processed by a graphical user interface. Third, we built a software application using Scrum to connect the obtained logs to the Pentaho BI tool, and thus, generate early alerts as a strategic factor. The results demonstrate the functionality of the designed solution, which generates early alerts, and consequently, increases the security level of the CSIRT members.

Keywords

business intelligence, cybersecurity, decision making, early alerts, electronic data processing, ETL, vulnerability analysis

PDF XML

References

  1. M. Letho, "Cyber Security Education and Research in the Finland's Universities and Universities of Applied Sciences," International Journal of Cyber Warfare and Terrorism (IJCWT), vol. 6(2), pp. 15-31, Apr. 2016. DOI: http://doi.org/10.4018/IJCWT.2016040102. DOI: https://doi.org/10.4018/IJCWT.2016040102
  2. P. Cichonski, T. Millar, T. Grance, and K. Scarfone, "Computer security incident handling guide," NIST Special Publication 800-61, 2012
  3. M. West-Brown, et al. “Handbook for computer security incident response teams (CSIRTS),” No. CMU/SEI-2003-HB-002. Carnegie-Mellon Univ Pittsburgh PA software engineering institute, 2003. DOI: https://doi.org/10.21236/ADA413778
  4. P. Coughlan, and D. Coghlan, "Action research for operations management," International journal of operations & production management, vol. 22(2), pp. 220-240, 2002. DOI: http://doi.org/10.1108/01443570210417515. DOI: https://doi.org/10.1108/01443570210417515
  5. R. Bouman, and J. V. Dongen. Pentaho solutions: Business Intelligence and Data warehousing with Pentaho and MySQL. Wiley Publishing, 2009.
  6. R. Kimball, M. Ross, J. Mundy, and W. Thornthwaite. The kimball group reader: Relentlessly practical tools for data warehousing and BI remastered collection. John Wiley & Sons, 2015. DOI: http://doi.org/10.1002/9781119228912. DOI: https://doi.org/10.1002/9781119228912
  7. P. Valladares, W. Fuertes, F. Tapia, T. Toulkeridis, and E. Pérez, "Dimensional data model for early alerts of malicious activities in a CSIRT," in International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), Seattle, 2017. DOI: http://doi.org/10.23919/SPECTS.2017.8046771. DOI: https://doi.org/10.23919/SPECTS.2017.8046771
  8. R. Gaddam, and M. Nandhini, "An analysis of various snort based techniques to detect and prevent intrusions in networks proposal with code refactoring snort tool in Kali Linux environment," in International Conference on Inventive Communication and Computational Technologies (ICICCT), Coimbatore, 2017. DOI: http://doi.org/10.1109/ICICCT.2017.7975177. DOI: https://doi.org/10.1109/ICICCT.2017.7975177
  9. S. Dongkyun, and K. Lee, "Comparing security vulnerability by operating system environment," International Journal of Services Technology and Management, vol. 23 (1-2), pp. 154-164, 2017. DOI: https://doi.org/10.1504/IJSTM.2017.081884
  10. H. Elshoush, and I. Osman, "An improved framework for intrusion alert correlation," Proceedings of the World Congress on Engineering, vol. 1, 2012.
  11. R. Kimball, and R. Margy, The data warehouse toolkit: The definitive guide to dimensional modelling. John Wiley & Sons, 2013.
  12. I. Sharafaldin, et al., "Towards a Reliable Intrusion Detection Benchmark Dataset," Software Networking, vol. 1 (1), pp. 177-200, 2017. DOI: http://doi.org/10.13052/jsn2445-9739.2017.009. DOI: https://doi.org/10.13052/jsn2445-9739.2017.009
  13. J.L Pereira, and M. Costa, "Decision Support in Big Data Contexts: A Business Intelligence Solution," New Advances in Information Systems and Technologies, vol. 444, pp. 983-992, 2016. DOI: http://doi.org/10.1007/978-3-319-31232-3_93. DOI: https://doi.org/10.1007/978-3-319-31232-3_93
  14. S. Few, “Information Dashboard Design. The Effective Visual Communication of Data,” NY: O'Reilly, 2006.
  15. M. S. Gounder, V. V. Iyer, and A. A. Mazyad, "A survey on business intelligence tools for university dashboard development," in 3rd MEC International Conference on Big Data and Smart City (ICBDSC), Muscat, 2016. DOI: http://doi.org/10.1109/ICBDSC.2016.7460347. DOI: https://doi.org/10.1109/ICBDSC.2016.7460347
  16. J. Pajares, et al., "Project Management Methodologies in the Fourth Technological Revolution," Advances in Management Engineering. Springer International Publishing, pp. 121-144, 2017. DOI: http://doi.org/10.1007/978-3-319-55889-9_7. DOI: https://doi.org/10.1007/978-3-319-55889-9_7
  17. R. O’Connor, V. Elger, and P. Clarke. "Continuous software engineering—A micro services architecture perspective," Journal of Software: Evolution and Process, vol. 29 (11), pp. e1866, Nov. 2017. DOI: http://doi.org/10.1002/smr.1866. DOI: https://doi.org/10.1002/smr.1866

Downloads

Download data is not yet available.