A BI solution to identify vulnerabilities and detect real-time cyber-attacks for an academic CSIRT


Abstract

The present study aims to automate the manual process of disseminating information from an Academic Computer Security Incident Response Team (A-CSIRT) in order to identify cybersecurity threats and cyber-attacks in real time. To this end, we carried out a quantitative and qualitative evaluation of two traffic analysis tools used by the A-CSIRT, namely the Snort IDS and the Passive Vulnerability Scanner (PVS), to determine the content of their log records and their functionalities. We then progressively applied the Ralph Kimball methodology, beginning with the ETL processes for data collection and filtering, and then using OLAP processes to construct the BI system. Finally, we implemented a Web application using the Scrum methodology, which made it possible to link the obtained logs to the BI system for visualization in dynamic dashboards. This made it possible to generate early alerts and to construct complex queries through the user interface using object structures. The results demonstrate that this solution involves acquiring data and information from a wide variety of sources and making them usable within a decision-making process.


Reyes, F., Fuertes, W., Tapia, F., Toulkeridis, T., Aules, H., & Pérez, E. (2019). A BI solution to identify vulnerabilities and detect real-time cyber-attacks for an academic CSIRT. In Advances in Intelligent Systems and Computing (Vol. 857, pp. 1135–1153). Springer Verlag. https://doi.org/10.1007/978-3-030-01177-2_82
