{"title":"Evaluation of the data handling pipeline of the ASTRID framework","authors":"M. Repetto, G. Lamanna","doi":"10.1109/NetSoft54395.2022.9844122","DOIUrl":null,"url":null,"abstract":"Effective attack detection and security analytics rely on the availability of timely and fine-grained information about the evolving context of the protected environment. The data handling process entails collection from heterogeneous sources, local aggregation and transformation operations before transmission, and finally collection and delivery to multiple processing engines for analysis and correlation. Many Security Information and Event Management (SIEM) tools work according to the “funnel” principle: gather as much data as possible and then filter it to keep the relevant information. However, this might lead to unacceptable overhead, especially when monitoring containerized environments. As part of our activity in ASTRID, we therefore conducted experimental investigation on resource consumption of the data handling pipeline, starting from embedded agents up to delivery to the Context Broker.","PeriodicalId":125799,"journal":{"name":"2022 IEEE 8th International Conference on Network Softwarization (NetSoft)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 8th International Conference on Network Softwarization (NetSoft)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NetSoft54395.2022.9844122","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Effective attack detection and security analytics rely on the availability of timely and fine-grained information about the evolving context of the protected environment. The data handling process entails collection from heterogeneous sources, local aggregation and transformation operations before transmission, and finally collection and delivery to multiple processing engines for analysis and correlation. Many Security Information and Event Management (SIEM) tools work according to the “funnel” principle: gather as much data as possible and then filter it to keep the relevant information. However, this might lead to unacceptable overhead, especially when monitoring containerized environments. As part of our activity in ASTRID, we therefore conducted experimental investigation on resource consumption of the data handling pipeline, starting from embedded agents up to delivery to the Context Broker.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
