Litcius/Paper detail

A logging maturity and decision model for the selection of intrusion detection cyber security solutions

Manuel Kern, Max Landauer, Florian Skopik, Edgar Weippl

2024Computers & Security12 citationsDOIOpen Access PDF

Abstract

Many modern cyber attack techniques cannot be prevented. Logging and monitoring, however, offer a means to at least detect these techniques early, and therefore become increasingly important for defense. Many companies are unfortunately reluctant to invest more in cyber security logging and monitoring or hire additional security staff to operate detective solutions. There is a need for a methodology to pick appropriate cyber security solutions from the vast pool of available products. Our model takes requirements mandated by common standards from ISO, NIST, BSI and the like into account. While standards and guidelines remain at a high abstraction level and are applicable to different organizations over a long period of time, guidance on implementation becomes outdated comparatively quickly. We propose a novel logging maturity and decision model for the selection of the best fitting cyber security solutions for an organization. The novelty is that this model accounts for constraints in the selection process, such as cost, complexity, compliance, and relevance to the organization's assets. We validate the model with MITRE ATT&CK framework data and apply it to illustrative use cases based on our survey.

Topics & Concepts

Computer scienceLoggingIntrusion detection systemMaturity (psychological)Computer securitySelection (genetic algorithm)Decision treeIntrusionData miningArtificial intelligenceGeologyGeochemistryEcologyPsychologyBiologyDevelopmental psychologyNetwork Security and Intrusion DetectionInformation and Cyber SecurityAdvanced Malware Detection Techniques
A logging maturity and decision model for the selection of intrusion detection cyber security solutions | Litcius