Cyber Defence Library

Using Security Logs for Collecting and Reporting Technical Security Metrics

During recent years, establishing proper metrics for measuring system security has received increasing attention. Security logs contain vast amounts of information which are essential for creating many security metrics. Unfortunately, security logs are known to be very large, making their analysis a difficult task. Furthermore, recent security metrics research has focused on generic concepts, and the issue of collecting security metrics with log analysis methods has not been well studied. In this paper, we will first focus on using log analysis techniques for collecting technical security metrics from security logs of common types (e.g., network IDS alarm logs, workstation logs, and Netflow data sets). We will also describe a production framework for collecting and reporting technical security metrics which is based on novel open-source technologies for big data.