Searchable Privacy-Enabled Information and Event Management Solution.
With network traffic proliferating over the last couple of decades, there is an increasing need to monitor security information in order to prevent and resolve network security threats. A Security Information and Event Management (SIEM) solution collects all the alerts that the various Intrusion Detection and Prevention Systems (IDS/IDP or IDPS) generate, as well as security logs from various other systems, into one database so that the security analyst (SA) can more easily get an overview of the threat activity. A privacy-enhanced anonymization and deanonymization protocol (Anonymiser/Reversible Anonymiser) has been used to prevent a first-line security analyst without proper clearance from getting access to personally identifiable information (PII) and/or other types of confidential information that are not allowed to leave the network perimeter. Some examples may be PII sampled in IP packets, critical address information and network architecture. This thesis proposes an architectural design for a new SIEM solution which utilises a reversible anonymizer (RA) for enabling privacy-enhanced data collection and on-demand deanonymization of anonymized alarms.
Master's thesis in information and communication technology - Universitetet i Agder, 2015