VaultBox: Enhancing the Security and Effectiveness of Security Analytics

Devharsh Trivedi, Nikos Triandopoulos

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Security tools like firewalls, IDS, IPS, SIEM, EDR, and NDR effectively detect and block threats. However, these tools depend on system, application, and event logs. Logs are a key ingredient for many purposes, including troubleshooting performance issues, satisfying compliance mandates, and monitoring and improving security. In addition, logs from multiple machines are collected and fed to a Security Information and Event Management (SIEM) system for further security analysis. Therefore, a SIEM system's efficiency and effectiveness depend heavily on the quality and quantity of the logs it receives. Unfortunately, logs are a frequent target: after a successful intrusion they are tampered with to cover the attack's traces. Thus, it becomes critical to protect the confidentiality, integrity, availability, and authenticity of logs both at rest and in transit. This paper proposes a novel scheme to prevent log tampering, detect any tampering that does occur, and recover logs that are lost or corrupted. Our scheme is forward-secure, replicated, randomized, and rateless, and aims to help store and transmit logs securely to a SIEM.
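The abstract names the properties of the scheme (forward-secure, replicated, randomized, rateless) but this page does not describe the construction. The block below is an added example written for this page, not the VaultBox authors' code, showing the two mechanisms a practitioner would reach for to get tamper evidence and loss recovery: a forward-secure MAC chain in which the tagging key is ratcheted through a one-way hash after every entry, so an intruder who captures the current key can neither alter nor re-tag entries written before the compromise (the example also shows the caveat that entries written after the compromise remain forgeable, which is why prompt shipping and replication matter), and an LT-style rateless erasure code over the tagged batch, so the collector can rebuild the batch from any large enough subset of the coded symbols. The key-evolution rule, the 96-byte block format, the degree distribution, the seeds, the function names and the sample log lines are all assumptions of this example; replication is not shown.

```python
"""Added illustration, not code from the VaultBox paper: a forward-secure tag chain
over log entries plus an LT-style rateless erasure code over the tagged batch.
Block size, degree distribution, seeds and all names are this example's assumptions."""
import hashlib, hmac, random

BLOCK = 96  # coded block: 2-byte length + entry (<= 62 bytes) + 32-byte tag, zero padded

def evolve(key):
    # One-way key ratchet k_{i+1} = H(k_i); the logger erases k_i after use.
    return hashlib.sha256(b"demo-evolve" + key).digest()
def key_at(k0, t):  # key live when entry t is written
    for _ in range(t): k0 = evolve(k0)
    return k0
def mac(key, i, entry, prev):
    # Each tag binds index, entry and previous tag (a MAC over a hash chain).
    return hmac.new(key, i.to_bytes(4, "big") + entry + prev, hashlib.sha256).digest()

def chain_from(key_t, t, entries, tags_before):
    """Extend a tag chain from index t with the key live at t: t=0 is the honest
    logger, t>0 is everything an intruder who captured k_t can recompute."""
    key, prev, tags = key_t, (tags_before[t - 1] if t else b""), list(tags_before[:t])
    for i in range(t, len(entries)):
        tags.append(mac(key, i, entries[i], prev))
        key, prev = evolve(key), tags[-1]
    return tags

def tag_chain(k0, entries):
    return chain_from(k0, 0, entries, [])

def verify_chain(k0, entries, tags):
    """Verifier (e.g. the SIEM) holds k0; -1 if all tags verify, else the index of
    the first failing entry (a truncated chain fails at its length)."""
    if len(entries) != len(tags):
        return min(len(entries), len(tags))
    for i, (want, got) in enumerate(zip(tag_chain(k0, entries), tags)):
        if not hmac.compare_digest(want, got):
            return i
    return -1

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def pack(entry, tag):
    return (len(entry).to_bytes(2, "big") + entry + tag).ljust(BLOCK, b"\x00")
def unpack(block):
    n = int.from_bytes(block[:2], "big")
    return block[2:2 + n], block[2 + n:2 + n + 32]

def neighbours(seed, k):
    # Source blocks XORed into the symbol with this seed; encoder and decoder share it.
    rng = random.Random(seed)
    deg = 1 if rng.random() < 0.25 else rng.randint(2, k)  # crude stand-in for a soliton distribution
    return rng.sample(range(k), deg)

def lt_encode(blocks, n_symbols, first_seed=1):
    # Rateless: emit as many (seed, XOR of neighbour blocks) symbols as the channel needs.
    k, out = len(blocks), []
    for s in range(first_seed, first_seed + n_symbols):
        sym = bytes(BLOCK)
        for j in neighbours(s, k):
            sym = xor(sym, blocks[j])
        out.append((s, sym))
    return out

def lt_decode(k, symbols):
    # Peeling decoder: a symbol with exactly one unknown neighbour reveals that block.
    known = [None] * k
    pending = [(neighbours(s, k), sym) for s, sym in symbols]
    progress = True
    while progress and any(b is None for b in known):
        progress = False
        for nbrs, sym in pending:
            unknown = [j for j in nbrs if known[j] is None]
            if len(unknown) == 1:
                for j in nbrs:
                    if known[j] is not None:
                        sym = xor(sym, known[j])
                known[unknown[0]] = sym
                progress = True
    return None if any(b is None for b in known) else known

def seal_batch(k0, entries):
    return [pack(e, t) for e, t in zip(entries, tag_chain(k0, entries))]

def recover_batch(k0, k, symbols):
    # Decode whatever symbols arrived, then verify the chain; None if either step fails.
    blocks = lt_decode(k, symbols)
    if blocks is None:
        return None
    entries, tags = map(list, zip(*(unpack(b) for b in blocks)))
    return entries if verify_chain(k0, entries, tags) == -1 else None

# Constructed sample log lines and a fixed demo key (not real data).
K0 = hashlib.sha256(b"demo-k0").digest()
LOG = [b"sshd: Accepted publickey for ops from 10.0.0.7", b"sudo: ops : COMMAND=/usr/bin/systemctl restart nginx",
       b"sshd: Failed password for root from 203.0.113.9", b"sshd: Accepted password for root from 203.0.113.9",
       b"auditd: user root cleared /var/log/auth.log"]

if __name__ == "__main__":
    symbols = lt_encode(seal_batch(K0, LOG), 100)
    arrived = [s for i, s in enumerate(symbols) if i % 3 != 0]  # a third of the symbols lost in transit
    print(recover_batch(K0, len(LOG), arrived) == LOG)
    edited = list(LOG); edited[1] = b"sshd: nothing to see here"  # intruder holding k_3 edits entry 1
    print(verify_chain(K0, edited, chain_from(key_at(K0, 3), 3, edited, tag_chain(K0, LOG))))
```

Run as a script it prints True (the batch is rebuilt after a third of the coded symbols are dropped) and 1 (the first entry an intruder holding k_3 cannot re-tag). The same intruder can silently rewrite entry 4 and every tag after it, so the chain gives tamper evidence only for what was logged before the compromise; the erasure code adds loss recovery but no integrity of its own, which is why the tags are verified after decoding. The peeling decoder is what LT decoding does in practice, but the degree distribution here is a crude stand-in for the robust soliton distribution, so it needs far more redundancy than a tuned code would.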

Original language: English
Title of host publication: Science of Cyber Security - 5th International Conference, SciSec 2023, Proceedings
Editors: Moti Yung, Chao Chen, Weizhi Meng
Pages: 401-422
Number of pages: 22
DOIs
State: Published - 2023
Event: 5th International Conference on Science of Cyber Security, SciSec 2023 - Melbourne, Australia
Duration: 11 Jul 2023 - 14 Jul 2023

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 14299 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 5th International Conference on Science of Cyber Security, SciSec 2023
Country/Territory: Australia
City: Melbourne
Period: 11/07/23 - 14/07/23

Keywords

  • LT codes
  • Rateless encoding
  • SIEM security
  • Secure coding
  • Secure logging
  • Security analytics
