Security Information and Event Management systems
This thesis was commissioned by the University of Eastern Finland, which needs centralized log management and information security monitoring. The main goal is to serve as an aid for becoming familiar with Security Information and Event Management systems. Few Finnish-language publications on this topic exist so far.
The theory section describes the business perspective and the execution of the project. It also covers the key concepts and technologies of SIEM. The formulas presented help in sizing the system to fit an IT environment. One objective of the thesis was to present SIEM solutions from different vendors. Products from eight vendors were selected, of which the open source AlienVault OSSIM is described in more detail.
The demo environment built for the thesis shows the deployment of AlienVault OSSIM in a small environment. The technical documentation is not intended as an installation guide; it presents the functionality of SIEM through practical examples. The information flow is described from data collection to the analysis of a correlated event.
Testing the Assumptions Behind the Use of Importance Sampling
Importance sampling is used in many aspects of modern econometrics to approximate unsolvable integrals. Its reliable use requires the sampler to possess a variance, for this guarantees a square root speed of convergence and asymptotic normality of the estimator of the integral. However, this assumption is seldom checked. In this paper we propose to use extreme value theory to empirically assess the appropriateness of this assumption. We illustrate this method in the context of a maximum simulated likelihood analysis of the stochastic volatility model.
Keywords: Extreme value theory; Importance sampling; Simulation; Stochastic Volatility.
Closing the loop of SIEM analysis to Secure Critical Infrastructures
Critical Infrastructure Protection is one of the main challenges of recent years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple layer data analysis; ii) resolve conflicts among security policies, and discover unauthorized data paths so that network devices can be reconfigured. Furthermore, the system is enriched by a Resilient Event Storage that ensures the integrity and unforgeability of stored events.
Comment: EDCC-2014, BIG4CIP-2014, Security Information and Event Management, Decision Support System, Hydroelectric Da
Profile for Aquatic Resources Management: Tboung Kla, Koh Chruem and Ou Chralang villages, Ou Mreah commune, Siem Bouk district, Stung Treng province, Cambodia
This publication is part of a collection of three profiles covering nine aquatic resources-dependent villages in the provinces of Stung Treng, Takeo and Siem Reap. The profiles are important because in most, if not all, of the aquatic-resources villages of Cambodia, critical data and information useful for planning and management are not available in a documented form. The development of the village profiles is viewed as a basic requirement for planning and overall management. It is only an initial step to identify future programs and projects related to aquatic resources. The profiles depict the present state of the villages and their aquatic resources. In general, the villages have limited infrastructure and other physical resources. In the villages of Takeo and Siem Reap, total flooding occurs in the wet season and villagers must rely on transportation by boat. In Stung Treng villages, partial flooding is also a problem as it makes the few existing roads significantly impassable during the wet season.
Keywords: Botanical resources, Resource management, Fishery management, Cambodia,
A proposed methodology for understanding urban growth pattern : a case study in Siem Reap, Cambodia
In this paper, the main goal is to understand the relationship between urban growth and physical factors in order to determine the potential area for future urban expansion. A methodology is suggested for understanding the urban growth pattern in Siem Reap, which could effectively sustain archaeological sites and balance the land use between urban and non-urban areas in Siem Reap, Cambodia. Remote sensing is used to analyze land use maps of Siem Reap from 1993 to 2011. Results show that the urban built-up area increased significantly, which caused the forest land in the Siem Reap archaeological sites to decline steadily from 1993 to 2003. In addition, a Geographic Information System (GIS) is applied to analyze the urban growth pattern. Geo-processing and logical functions are applied to detect and quantify the land use changes, especially urban changes. Two main factors are used to analyze the drivers of urban growth in Siem Reap: distance to road networks and population density. Pearson correlation statistics are applied to justify the relationship between the factors and urban area growth.
Improving SIEM for critical SCADA water infrastructures using machine learning
Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.). Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks; therefore, robust anomaly detection is a major requirement. However, building an accurate anomaly detection system is not an easy task, because it is difficult to differentiate between cyber-attacks and internal system failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work helps accelerate the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of the event(s) occurring. The model is trained and tested using a real-world dataset.
Systemic risk diagnostics: coincident indicators and early warning signals
We propose a novel framework to assess financial system risk. Using a dynamic factor framework based on state-space methods, we construct coincident measures (‘thermometers’) and a forward looking indicator for the likelihood of simultaneous failure of a large number of financial intermediaries. The indicators are based on latent macro-financial and credit risk components for a large data set comprising the U.S., the EU-27 area, and the respective rest of the world. Credit risk conditions can significantly and persistently de-couple from macro-financial fundamentals. Such decoupling can serve as an early warning signal for macro-prudential policy.
JEL Classification: G21, C33
Keywords: credit portfolio models, financial crisis, frailty-correlated defaults, state space methods, systemic risk
Proceedings of the XXVIII Seminário de Investigação em Educação Matemática
In 2017, the Seminário de Investigação em Educação Matemática (SIEM), organized by the Grupo de Trabalho de Investigação (GTI) of the Associação de Professores de Matemática (APM), takes place in Viseu for the third time. These seminars took place in 1992 and in 2002.
In 1992 the III SIEM was held at the Escola Superior de Educação de Viseu. It was at this seminar that the Grupo de Trabalho de Investigação emerged most visibly, with the approval of its objectives and guidelines. The idea of forming, within the Associação de Professores de Matemática, a working group dedicated to research in mathematics education went back further, to the 1989 Encontro de Professores de Matemática (ProfMat) in Viana do Castelo, on the initiative of João Pedro da Ponte. In 1992, Viseu thus followed the SIEM in Caldas da Rainha, in 1990, and the SIEM in Porto, the following year.
The journal Quadrante, published by the GTI, is as old as the number of years that have passed since that first SIEM in Viseu: 25 years. It can be said that Quadrante was born in Viseu, in that its inaugural issue, which came out in that year of 1992, published texts based on papers presented at the III SIEM.
info:eu-repo/semantics/publishedVersio
Modeling urban growth pattern for sustainable archaeological sites : a case study in Siem Reap, Cambodia
In this paper, the main goal is to understand the relationship between urban growth and physical factors in order to determine the potential area for future urban expansion. A policy is suggested that could effectively sustain the archaeological sites and balance the land use between urban and non-urban areas in Siem Reap, Cambodia. Remote sensing is used to analyze land use maps of Siem Reap from 1993 to 2011. Results show that the urban built-up area increased significantly, which caused the forest land in the Siem Reap archaeological sites to decline. In addition, a Geographic Information System (GIS) is used to analyze urban growth in potentially suitable sites. Geo-processing and logical functions are applied to detect and quantify the land use changes, especially urban changes. The percentage of urban area in each year is compared with the population density and road buffers by using Pearson correlation. It is shown that the increase in urban area is related to population density and road network factors.
