Identification of IT threats by applying Big Data architectures

Fabián Balseca-Chávez
Alejandra Mercedes Colina-Vargas
Marcos Antonio Espinoza-Mina

Abstract

The massive use of Information and Communication Technologies has made society dependent on them; combined with the absence of efficient and effective controls at a general level, this increases exposure to attacks or computer threats and to vulnerabilities in the information assets of organizations. In this context, this article proposes a data analysis architecture built on Big Data tools that consumes security events or logs, allowing the identification, integration and correlation of events to be improved. The methodology of the underlying research was characterized as exploratory and descriptive. For the development of the proposed solution, the phases of Big Data processing proposed by Labrinidis & Jagadish were followed, enabling the identification of computer threats. The technological architecture designed was based on the integration of Elastic Stack and its main components (Elasticsearch, Logstash, Kibana) with technologies such as Filebeat and Wazuh Security Detection (NIPS / HIDS), managing security in information assets such as communications equipment, data and application servers, database engines, and end-user terminals. Its implementation would allow real-time and historical monitoring, an agile and effective response to security alerts, and incident status reports.

Article Details

How to Cite
Balseca-Chávez, F., Colina-Vargas, A. M., & Espinoza-Mina, M. A. (2021). Identification of IT threats by applying Big Data architectures. INNOVA Research Journal, 6(3.2), 141–167. https://doi.org/10.33890/innova.v6.n3.2.2021.1860
Section
Knowledge management
Author Biographies

Fabián Balseca-Chávez, Universidad Ecotec, Ecuador

Master in Information Systems. Grupo Microsistemas Jovichsa S.A. GMS. Information Security Solutions Architect. Information and Communication Technologies.

Alejandra Mercedes Colina-Vargas, Universidad Ecotec, Ecuador

Alejandra Mercedes Colina Vargas. Venezuelan. Doctor in Education. Universidad Nacional Experimental Rafael María Baralt, Lecturer. Information and Communication Technologies.

Marcos Antonio Espinoza-Mina, Universidad Ecotec, Ecuador

Master in Information Systems, Universidad Internacional del Ecuador. Teacher. Information and Communication Technologies. https://scholar.google.com/citations?user=CnSbLTYAAAAJ&hl=es

References

Arass, M. E., & Souissi, N. (2019). Smart SIEM: From Big Data Logs and Events To Smart Data Alerts. 8(8), 6.

Chacon, J., McKeown, S., & Macfarlane, R. (2020). Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques—An Experiment. 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), 1-8. https://doi.org/10.1109/CyberSecurity49315.2020.9138859

Chalmers, S., Bothorel, C., & Picot-Clemente, R. (2013). Big Data—State of the Art. 24.

Constitución de la República del Ecuador. (2008). Constitución de la República del Ecuador.

Cortés, C. B. Y., Landeta, J. M. I., & Chacón, J. G. B. (2017). El Entorno de la Industria 4.0: Implicaciones y Perspectivas Futuras. 19.

Crooks, D., & Vâlsan, L. (2019). Building a minimum viable Security Operations Centre for the modern grid environment. Proceedings of International Symposium on Grids & Clouds 2019 — PoS(ISGC2019), 010. https://doi.org/10.22323/1.351.0010

Elastic. (2021). Filebeat overview | Filebeat Reference [7.13] | Elastic. Filebeat overview. https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html

ESET. (2021). S3CURITY R3PORT Latinoamérica 2021. https://www.welivesecurity.com/wp-content/uploads/2021/06/ESET-security-report-LATAM2021.pdf

Gartner. (2021). Gartner Reprint. https://www.gartner.com/doc/reprints?id=1-25H9R6TE&ct=210318&st=sb

Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Ullah Khan, S. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115. https://doi.org/10.1016/j.is.2014.07.006

ISO/IEC. (2014). ISO/IEC 27000. Information technology—Security techniques—Information security management systems—Overview and vocabulary. https://www.iso.org/obp/ui/#iso:std:iso-iec:27000:ed-3:v1:en

Joglekar, P., & Pise, N. (2016). Solving Cyber Security Challenges using Big Data. International Journal of Computer Applications, 154(4), 9-12. https://doi.org/10.5120/ijca2016912080

Kaiafas, G., Varisteas, G., Lagraa, S., State, R., Nguyen, C. D., Ries, T., & Ourdane, M. (2018). Detecting malicious authentication events trustfully. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, 1-6. https://doi.org/10.1109/NOMS.2018.8406295

Kritzinger, E., & Smith, E. (2008). Information security management: An information security retrieval and awareness model for industry. Computers & Security, 27(5-6), 224-231. https://doi.org/10.1016/j.cose.2008.05.006

Kumar, P., Kumar, P., Zaidi, N., & Rathore, V. S. (2018). Analysis and Comparative Exploration of Elastic Search, MongoDB and Hadoop Big Data Processing. In M. Pant, K. Ray, T. K. Sharma, S. Rawat, & A. Bandyopadhyay (Eds.), Soft Computing: Theories and Applications (Vol. 584, pp. 605-615). Springer Singapore. https://doi.org/10.1007/978-981-10-5699-4_57

Labrinidis, A., & Jagadish, H. V. (2012). Challenges and Opportunities with Big Data. 2.

Ley Orgánica de Protección de Datos Personales. (2021). Ley Orgánica de Protección de Datos Personales.

Ley Orgánica de Telecomunicaciones. (2015). Ley Orgánica de Telecomunicaciones.

Liu, R., Li, Q., Li, F., Mei, L., & Lee, J. (2014, October). Liu2014.pdf. https://doi.org/10.1109/SOLI.2014.6960762

Lněnička, M., Máchová, R., & Komárková, J. (2017). Components of Big Data Analytics for Strategic Management of Enterprise Architecture. Conference: 12th International Conference on Strategic Management and Its Support by Information Systems 2017, 8.

Maeda, N., Agetsuma, N., Kamimura, K., Suenaga, Y., Takebayashi, S., & Yamashita, K. (2018). Achieving Greater Work Efficiency in Systems Failure Analysis Using Elastic Stack. 16(2), 6.

Mujawar, S., & Kulkarni, S. (2015). Big Data: Tools and Applications. International Journal of Computer Applications, 115(23), 7-11. https://doi.org/10.5120/20289-2113

Nadeem, S. F., & Huang, C.-Y. (2018). Data Visualization in Cybersecurity. 2018 International Conference on Computational Science and Computational Intelligence (CSCI), 48-52. https://doi.org/10.1109/CSCI46756.2018.00017

P., R. M., & C., I. M. (2019). 2551-Article Text-4005-1-10-20191230.pdf. International Journal of Advanced Science and Technology, Vol. 28, No. 19, 425-432.

Pérez Marqués, M. (2015). Big Data: Técnicas, herramientas y aplicaciones (1st ed.). Alfaomega Grupo Editor, S.A. de C.V.

Rohit, Gupta, B., Kumar, R., & Kumar, A. (2018). Towards Information Discovery On Large Scale Data: State-of-the-art. 2018 International Conference on Soft-Computing and Network Security (ICSNS), 1-9. https://doi.org/10.1109/ICSNS.2018.8573666

Roji, K., & Sharma, G. (2019). Cyber Security Challenges and Big Data Analytics. 4.

Subburaj, T., & Suthendran, K. (2018). Digital Watering Hole Attack Detection Using Sequential Pattern. Journal of Cyber Security and Mobility, 7(1), 1-12. https://doi.org/10.13052/jcsm2245-1439.711

Talas, A., Pop, F., & Neagu, G. (2017). Elastic stack in action for smart cities: Making sense of big data. 2017 13th IEEE International Conference on Intelligent Computer Communication and Processing (ICCP), 469-476. https://doi.org/10.1109/ICCP.2017.8117049

Tounsi, W., & Rais, H. (2018). A survey on technical threat intelligence in the age of sophisticated cyber attacks. Computers & Security, 72, 212-233. https://doi.org/10.1016/j.cose.2017.09.001

Veiga, A. D., & Eloff, J. H. P. (2007). An Information Security Governance Framework. Information Systems Management, 24(4), 361-372. https://doi.org/10.1080/10580530701586136

Wazuh. (2021a). Overview—User manual · Wazuh 4.1 documentation. https://documentation.wazuh.com/current/user-manual/overview.html

Wazuh. (2021b). Welcome to Wazuh · Wazuh 4.1 documentation. https://documentation.wazuh.com/current/index.html