Conference: IEEE International Conference on Networks

SIEM with LSA technique for Threat identification


Abstract

Securing a heterogeneous and complex network is very challenging for administrators. They need to handle a large number of devices and carry out protection and prevention plans to secure the network against threats. Security Information and Event Management (SIEM) is one of the most common tools that help administrators deal with this situation. It helps to manage and identify threats. Moreover, it initiates a proper action to protect the network against the right threats and also generates a report for the administrators. However, the number of threats is increasing rapidly, and the variation among threats is another obstacle to identifying them. Latent Semantic Analysis (LSA) is proposed in this paper to help alleviate these problems. It would improve performance by reducing the unnecessary noise in the huge volume of data generated by devices. It is also used to detect similar threat patterns, relying on the similarity between threats and events/logs. The experiments showed that the LSA approach can help eliminate insignificant data used in the threat identification process without degrading accuracy.