Data-Driven Field Mapping of Security Logs for Integrated Monitoring - Critical Infrastructure Protection XIII
Conference Papers, Year: 2019

Data-Driven Field Mapping of Security Logs for Integrated Monitoring


As industrial control system vulnerabilities and attacks increase, security controls must be applied to operational technologies. The growing demand for security threat monitoring and analysis techniques that integrate information from security logs has resulted in enterprise security management systems giving way to security information and event management systems. Nevertheless, it is vital to implement some form of pre-processing to collect, integrate and analyze security events efficiently. Operators still have to manually check entire security logs or write scripts or parsers that draw on domain knowledge, tasks that are time-consuming and error-prone. To address these challenges, this chapter focuses on the data-driven mapping of security logs to support the integrated monitoring of operational technology systems. The characteristics of security logs from security appliances used in critical infrastructure assets are analyzed to create a tool that maps different security logs to field categories to support integrated system monitoring. The tool reduces the effort needed by operators to manually process security logs even when the logged data generated by security appliances has new or modified formats.
Origin: Files produced by the author(s)

Dates and versions

hal-03364573, version 1 (04-10-2021)





Seungoh Choi, Yesol Kim, Jeong-Han Yun, Byung-Gil Min, Hyoung-Chun Kim. Data-Driven Field Mapping of Security Logs for Integrated Monitoring. 13th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2019, Arlington, VA, United States. pp.253-268, ⟨10.1007/978-3-030-34647-8_13⟩. ⟨hal-03364573⟩