
    Mining Unstructured Log Messages for Security Threat Detection

    As computers become larger, more powerful, and more connected, many challenges arise in implementing and maintaining a secure computing environment. Some of these challenges come from the exponential growth in the volume of unstructured messages generated by computer systems and applications. Although these data contain a wealth of information that is useful for advanced threat detection and for predicting future anomalies, the sheer volume, variety, and complexity of the data make it difficult for even well-trained analysts to extract the right information. While conventional SIEM (Security Information and Event Management) tools provide some capability to collect, correlate, and detect certain events from structured messages, their rule-based correlation and detection algorithms fall short in utilizing the information in unstructured messages. This study explores the possibility of using text mining, natural language processing, and machine learning techniques to detect security threats by extracting relevant information from the various unstructured log messages collected from distributed, non-homogeneous systems. The extracted features are used to run a number of experiments on the Packet Clearing House SKAION 2006 IARPA Dataset, and the prediction performance is evaluated. In comparison to the base case without feature extraction, an average accumulated performance gain of 16.73% and a time reduction of 84% were achieved using extracted features only, while a 23.48% performance gain with an 82.39% time increase was attained using both the unstructured free-text messages and the extracted features. The results show strong potential for further performance gains from larger training sets and from extracting more features from the unstructured log messages.

    Metrics for Broadband Networks in the Context of the Digital Economies

    In the transition to automated digital management of broadband networks, communication service providers must look for new metrics with which to monitor these networks. Complete metrics frameworks are already emerging, while the majority of new metrics are still being proposed in technical papers. Considering common metrics for broadband networks and related technologies, this chapter offers insights into which metrics are available and also points to active areas of research. Broadband networks, a key component of digital ecosystems, are also an enabler of many other digital technologies and services. After first reviewing metrics for computing systems, websites, and digital platforms, the chapter's focus shifts to the most important technical and business metrics used for broadband networks. Demand-side and supply-side metrics, including the key metrics of broadband speed and broadband availability, are touched on. After outlining the broadband metrics that have been standardized and the metrics for measuring Internet traffic, the most commonly used metrics for broadband networks are surveyed in five categories: energy and power metrics, quality of service, quality of experience, security metrics, and robustness and resilience metrics. The chapter concludes with a discussion of machine learning, big data, and the associated metrics.

    Methodologies for Information Security Risk Analysis: A Systematic Literature Review

    When we speak of risk we refer to the nearness or possibility of harm, danger, and so on. Various risk factors can likewise be identified: measurable or observable manifestations or characteristics of a process that indicate the presence of risk or tend to increase exposure; they may be internal or external to the entity. Each organization currently uses different methodologies to analyze information risk factors. The main objective of this systematic review is to describe the methodologies used for information security risk analysis. Methodologies were selected by following the steps proposed in the Systematic Literature Review (SLR) method across the virtual bibliographic sources consulted. The final result is 22 articles that meet the criteria established for the study and that address methodologies in the field of information security. It is concluded that, among the existing factors, the most relevant is the human factor, and that among the methodologies the most widely used is Magerit.
    LIMA; Escuela Profesional de Ingeniería de Sistemas; Infraestructura Tecnológica - Auditoria y Seguridad de T