Real-Time Cyber Analytics Data Collection Framework
Herbert Maosa, Karim Ouazzane and Viktor Sowinski-Mydlarz
Affiliation (all authors): London Metropolitan University, UK
International Journal of Information Security and Privacy (IJISP), 2022, vol. 16, issue 1, 1-10
Abstract:
In cyber security, it is critical that event data is collected in as near to real time as possible, to enable early detection of and response to threats. Performing analytics on event logs stored in databases slows down response because of the time cost of database insertion and retrieval operations. The authors present a data collection framework that minimizes the need for long-term storage. Events are buffered in memory, up to a configurable threshold, and then streamed in real time using live streaming technologies. The framework deploys virtualized data collection agents that ingest data from multiple sources, including threat intelligence. The framework enables the correlation of events from various sources, improving detection precision. The authors have tested the framework in a real-time, machine-learning-based threat detection system. The results show a time gain of 300 milliseconds in transmission time from event capture to the analytics system, compared with storage-based collection frameworks. Threat detection was measured at 95%, which is comparable to the benchmark Snort IDS.
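The collection pattern the abstract describes (events buffered in memory up to a configurable threshold, flushed as a batch to a live stream rather than written to and read back from a database, and correlated across sources including threat intelligence) can be sketched in a few dozen lines. The following is an added example, not code from the paper or its authors: the class names, the source labels "firewall", "ids" and "threat_intel", the event fields, the sample events and the in-process sink standing in for a streaming transport are all assumptions, and nothing here reproduces the paper's timing or detection measurements.

```python
"""Threshold-flushed in-memory event buffer with cross-source correlation.

Added example, not code from the paper: it models the collection pattern the
abstract describes (buffer events in memory, flush when a configurable
threshold is reached, correlate events across sources including threat
intelligence). The sink is an in-process consumer standing in for a streaming
transport; the source names, fields and sample events are all constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass
class Event:
    source: str   # constructed source names: "firewall", "ids", "threat_intel"
    ts: float     # capture time in seconds (constructed)
    ip: str       # IP address the event is about
    kind: str     # event type as reported by the source


@dataclass
class BufferedCollector:
    """Holds events in memory and hands each full batch to `sink` at once, so
    no event has to be written to and read back from a database first."""
    threshold: int
    sink: Callable[[List[Event]], None]
    buffer: List[Event] = field(default_factory=list)
    flushes: int = 0

    def ingest(self, event: Event) -> None:
        self.buffer.append(event)
        if len(self.buffer) >= self.threshold:
            self.flush()

    def flush(self) -> None:
        """Flush whatever is buffered. Call this on a timer and at shutdown
        as well, otherwise a quiet source can hold a partial batch back
        indefinitely and the latency advantage is lost."""
        if not self.buffer:
            return
        batch, self.buffer = self.buffer, []
        self.flushes += 1
        self.sink(batch)


class Correlator:
    """Stream consumer that matches network events against threat-intelligence
    indicators, regardless of which of the two arrives first."""

    def __init__(self) -> None:
        self.iocs: Set[str] = set()
        self.seen: Dict[str, List[Event]] = {}   # ip -> earlier network events
        self.alerts: List[dict] = []

    def consume(self, batch: List[Event]) -> None:
        for ev in batch:
            if ev.source == "threat_intel":
                if ev.ip in self.iocs:
                    continue                      # repeated indicator, already handled
                self.iocs.add(ev.ip)
                for earlier in self.seen.get(ev.ip, []):
                    self._alert(earlier)          # indicator arrived after the traffic
            else:
                self.seen.setdefault(ev.ip, []).append(ev)
                if ev.ip in self.iocs:
                    self._alert(ev)               # traffic arrived after the indicator

    def _alert(self, ev: Event) -> None:
        self.alerts.append({"ip": ev.ip, "source": ev.source,
                            "kind": ev.kind, "ts": ev.ts})


# Constructed sample events; addresses are from documentation ranges.
SAMPLE_EVENTS = [
    Event("firewall", 1.0, "203.0.113.7", "deny"),
    Event("ids", 1.2, "198.51.100.9", "port_scan"),
    Event("threat_intel", 1.5, "203.0.113.7", "ioc"),       # explains the 1.0 event
    Event("firewall", 1.7, "192.0.2.4", "allow"),
    Event("ids", 2.0, "203.0.113.7", "exploit_attempt"),    # hits a known indicator
    Event("threat_intel", 2.1, "198.51.100.250", "ioc"),
    Event("firewall", 2.3, "198.51.100.9", "deny"),          # no indicator for this IP
]


def run_pipeline(events: List[Event], threshold: int):
    """Push events through a collector into a correlator; returns the alerts
    raised and how many batches were streamed."""
    corr = Correlator()
    collector = BufferedCollector(threshold=threshold, sink=corr.consume)
    for ev in events:
        collector.ingest(ev)
    collector.flush()   # drain the partial last batch
    return corr.alerts, collector.flushes


if __name__ == "__main__":
    alerts, flushes = run_pipeline(SAMPLE_EVENTS, threshold=3)
    print(f"{flushes} batches streamed, {len(alerts)} correlated alerts")
    for a in alerts:
        print(a)
```

The threshold trades latency against per-batch overhead: a small threshold streams almost every event on its own, a large one amortises transport cost but delays the last events in a batch, which is why a production collector also flushes on a timer. The correlator keeps earlier network events per IP so that an indicator published after the traffic it explains still produces an alert, which is the case a purely forward-looking match would miss.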
Date: 2022
DOI: 10.4018/IJISP.311465
Download (PDF): http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/IJISP.311465
Persistent link: https://EconPapers.repec.org/RePEc:igg:jisp00:v:16:y:2022:i:1:p:1-10
International Journal of Information Security and Privacy (IJISP) is currently edited by Yassine Maleh
Publisher: IGI Global