Providing SIEM systems with self-adaptation

Created by W.Langdon from gp-bibliography.bib Revision:1.4420

  author =       "Guillermo Suarez-Tangil and Esther Palomar and 
                 Arturo Ribagorda and Ivan Sanz",
  title =        "Providing {SIEM} systems with self-adaptation",
  journal =      "Information Fusion",
  year =         "2015",
  volume =       "21",
  month =        jan,
  pages =        "145--158",
  keywords =     "genetic algorithms, genetic programming, SIEM, Event
                 correlation, Artificial neural networks, Adaptive
  ISSN =         "1566-2535",
  DOI =          "doi:10.1016/j.inffus.2013.04.009",
  URL =          "",
  abstract =     "Security information and event management (SIEM) is
                 considered to be a promising paradigm to reconcile
                 traditional intrusion detection processes along with
                 most recent advances on artificial intelligence
                 techniques in providing automatic and self-adaptive
                 systems. However, classic management-related flaws
                 still persist, e.g. the fusion of large amounts of
                 security events reported from many heterogeneous
                 systems, whilst novel intriguing challenges arise
                 especially when dealing with the adaptation to newly
                 encountered and multi-step attacks. In this article, we
                 provide SIEM correlation with self-adaptation
                 capabilities to optimise and significantly reduce the
                 intervention of operators. In particular, our enhanced
                 correlation engine automatically learns and produces
                 correlation rules based on the context for different
                 types of multi-step attacks using genetic programming.
                 The context is considered as the knowledge and
                 reasoning, not only acquired by a human expert but also
                 inferred by our system, which assists in the
                 identification and fusion of events. In this regard, a
                 number of artificial neural networks are trained to
                 classify events according to the corresponding context
                 established for the attack. Experimentation is
                 conducted on a real deployment within OSSIM to validate
                 our proposal.",

Genetic Programming entries for Guillermo Nicolas Suarez de Tangil Rotaeche Esther Palomar Gonzalez D Arturo Ribagorda Garnacho Ivan Sanz