Open Access Article
Systems 2017, 5(4), 52; doi:10.3390/systems5040052

An Integral Model to Provide Reactive and Proactive Services in an Academic CSIRT Based on Business Intelligence

1 Department of Computer Sciences, Universidad de las Fuerzas Armadas ESPE, Av. General Rumiñahui, S/N, Sangolqui 171-5-231-B, Ecuador
2 Corporación Ecuatoriana para el Desarrollo de la Investigación y la Academia, La Condamine 12-109, Ecuador
* Authors to whom correspondence should be addressed.
Received: 1 October 2017 / Revised: 5 November 2017 / Accepted: 14 November 2017 / Published: 23 November 2017
(This article belongs to the Special Issue Pervasive Simulation for Enhanced Decision Making)

Abstract

Cyber-attacks have increased in severity and complexity. This requires that CERTs/CSIRTs research and develop new security tools. Therefore, our study focuses on the design of an integral model based on Business Intelligence (BI) that provides reactive and proactive services in a CSIRT, in order to alert on and reduce any suspicious or malicious activity in information systems and data networks. To achieve this purpose, a solution has been assembled that generates information stores, compiled from the continuous network transmissions of several internal and external sources of an organization. It also includes a data warehouse, which acts as a log correlator and is formed from the information of feeds with diverse formats. Furthermore, it analyzes attack detection and port scanning data obtained from sensors such as Snort and the Passive Vulnerability Scanner, which are stored in a database together with the logs generated by the systems. With these inputs, we designed and implemented BI systems following the phases of the Ralph Kimball methodology and ETL and OLAP processes. In addition, a software application has been implemented using the SCRUM methodology, which links the obtained logs to the BI system for visualization in dynamic dashboards, with the purpose of generating early alerts and constructing complex queries through object structures in the user interface. The results demonstrate that this solution has generated early warnings based on the criticality and sensitivity levels of malware and vulnerabilities, as well as monitoring efficiency, increasing the level of security of the member institutions.
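As an added illustration of the pipeline the abstract describes (extract sensor logs, load them into a log-correlating warehouse, roll them up into early warnings by criticality), here is example code written for this page, not the authors' implementation: it parses constructed Snort fast-format alert lines, loads them into a small star schema in SQLite, and aggregates hits and distinct targets per source and signature above a priority cut-off. The schema, the sample lines and the thresholds are assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample Snort fast-format alert lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_ALERTS = """\
11/23-10:15:32.100000  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:44321 -> 192.0.2.10:22
11/23-10:15:33.200000  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:44322 -> 192.0.2.11:22
11/23-10:15:34.300000  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:44323 -> 192.0.2.12:22
11/23-10:16:01.000000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 1] {TCP} 192.0.2.10:80 -> 198.51.100.5:51234
11/23-10:17:45.500000  [**] [1:2013028:4] ET POLICY curl User-Agent Outbound [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 192.0.2.20:50211 -> 198.51.100.9:80
"""

# Fields of a Snort "fast" alert line: timestamp, gid:sid:rev, message, classification, priority, protocol, 5-tuple.
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?\s+\[Priority:\s*(?P<prio>\d+)\]"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$")

def extract(text):
    """Extract: parse each alert line into a dict; malformed lines are skipped rather than loaded."""
    return [m.groupdict() for m in map(FAST_RE.match, text.splitlines()) if m]

def load(rows):
    """Transform + Load: a tiny star schema, one signature dimension and one alert fact table (assumed design)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE dim_signature(sig_id INTEGER PRIMARY KEY, gid INT, sid INT, msg TEXT,
                                   priority INT, UNIQUE(gid, sid));
        CREATE TABLE fact_alert(ts TEXT, sig_id INT, proto TEXT, src TEXT, sport INT, dst TEXT, dport INT);""")
    for r in rows:
        key = (int(r["gid"]), int(r["sid"]))
        db.execute("INSERT OR IGNORE INTO dim_signature(gid, sid, msg, priority) VALUES (?,?,?,?)",
                   key + (r["msg"], int(r["prio"])))
        sig_id = db.execute("SELECT sig_id FROM dim_signature WHERE gid=? AND sid=?", key).fetchone()[0]
        db.execute("INSERT INTO fact_alert VALUES (?,?,?,?,?,?,?)",
                   (r["ts"], sig_id, r["proto"], r["src"], int(r["sport"]), r["dst"], int(r["dport"])))
    return db

def early_warnings(db, max_priority=2, min_hits=1):
    """OLAP-style roll-up: hits and distinct targets per (source, signature), keeping only
    signatures at or above the criticality cut-off (Snort priority 1 is the most severe)."""
    return db.execute("""
        SELECT f.src, s.msg, s.priority, COUNT(*) AS hits, COUNT(DISTINCT f.dst) AS targets
        FROM fact_alert f JOIN dim_signature s ON s.sig_id = f.sig_id
        WHERE s.priority <= ? GROUP BY f.src, s.sig_id HAVING COUNT(*) >= ?
        ORDER BY s.priority, hits DESC""", (max_priority, min_hits)).fetchall()
```

Each returned row is one candidate early warning; the priority-3 policy alert in the sample is retained in the warehouse but falls below the default cut-off, which is the kind of criticality filtering the dashboards in the model apply.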
Keywords: CSIRT; data warehouse; cyber-attacks; ETL; OLAPS; Kimball; SCRUM; vulnerability analysis; Incident Managers

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. (CC BY 4.0).


Share & Cite This Article

MDPI and ACS Style

Fuertes, W.; Reyes, F.; Valladares, P.; Tapia, F.; Toulkeridis, T.; Pérez, E. An Integral Model to Provide Reactive and Proactive Services in an Academic CSIRT Based on Business Intelligence. Systems 2017, 5, 52.

Systems EISSN 2079-8954, published by MDPI AG, Basel, Switzerland.