This Article 
 Bibliographic References 
 Add to: 
Improving the Automation of Security Information Management: A Collaborative Approach
January/February 2012 (vol. 10 no. 1)
pp. 55-59
Idoia Aguirre, the Multi­disciplinary Innovation and Technology Center of Navarra (Cemitec)
Sergio Alonso, the Multidisciplinary Innovation and Technology Center of Navarra (Cemitec)
Many preventive security measures purport to protect networks from cyber intrusions. These adopted measures can generate a large amount of information that should be stored and analyzed to enable responses to detected attacks. Security information and event managers (SIEMs) are indispensable for collecting all of a system's security-related information in a central repository. This can then provide trend analysis and lead analysts to adopt appropriate actions. A collaborative work approach lets SIEMs of different trusted domains share alarms and their countermeasures. By sharing alarms and adopted measures in domains with similar profiles, the authors hope to enhance a global view of the security and facilitate decision making for security-domain administrators.

1. "Computer Security Division 2009 Annual Report," Nat'l Inst. Standards and Technology, 2009; ir7653nistir-7653_2009-CSD-annual-report.pdf .
2. A.K. Ganame et al., "A Global Security Architecture for Intrusion Detection on Computer Networks," Computers & Security, vol. 27, nos. 1–2, 2008, pp. 30–47.
3. E. Hooper, "Intelligent Techniques for Network Sensor Information Processing in Large-Scale Network Infrastructures," Proc. Int'l Conf. Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP 08), IEEE CS, 2008, pp. 593–598.
4. Z.-T. Li et al., "Assessing Attack Threat by the Probability of Following Attacks," Proc. Int'l Conf. Networking, Architecture, and Storage (NAS 07), IEEE CS, 2007, pp. 91–100.
5. W. Wang, X. Guan, and X. Zhang, "Processing of Massive Audit Data Streams for Real-Time Anomaly Intrusion Detection," Computer Comm., vol. 31, no. 1, 2008, pp. 58–72.
6. J. Song et al., "A Comprehensive Approach to Detect Unknown Attacks via Intrusion Detection Alerts," Proc. 12th Asian Computer Science Conf. (ASIAN 07), LNCS 4846, Springer, 2007, pp. 247–253.
7. A. Mishra et al., "Intrusion Detection in Wireless Ad Hoc Networks," IEEE Wireless Comm., Feb. 2004, pp. 48–60.
8. J.J. Treinen and R. Thurimella, "A Framework for the Application of Association Rule Mining in Large Intrusion Detection Infrastructures," Proc. 9th Int'l Symp. Recent Advances in Intrusion Detection (RAID 06), LNCS 4219, Springer, 2006, pp. 1–18.
9. M. Roesch, "Snort—Lightweight Intrusion Detection for Networks," Proc. 13th Usenix Conf. System Administration (LISA 99), Usenix, 1999, pp. 229–238.
10. M. Nicolett and K.M. Kavanagh, "Magic Quadrant for Security Information and Event Management," Gartner RAS Core Research Note G00212454, 12 May 2011; .

Index Terms:
computer-supported cooperative work, decision support, data sharing, security, security information and event managers, SIEM
Idoia Aguirre, Sergio Alonso, "Improving the Automation of Security Information Management: A Collaborative Approach," IEEE Security & Privacy, vol. 10, no. 1, pp. 55-59, Jan.-Feb. 2012, doi:10.1109/MSP.2011.153
Usage of this product signifies your acceptance of the Terms of Use.