A Study on the Development of Next Generation Intelligent Integrated Security Management Model using Big Data Technology

Jeong Beom Kim
2015 International Journal of Security and Its Applications
In this article, the development of an integrated security model for the next generation using big data technology is proposed. The main objective of this model is to make a paradigm shift from managing separate security systems to managing integrated security, with real-time monitoring of hacking attacks arriving from all kinds of security input channels, using big data analysis technology. This new model can be a more enhanced approach than conventional security technology in terms of detection and response speed. This new model will contribute significantly to the governance and management of security in many areas.

Related Study

Information Security Factors: There are general approaches based on the following basic factors. First, information security should support the mission of the organization. Second, information security is an essential factor for the management of the organization. Third, information security should be cost effective. Fourth, information security should be definite about responsibility and accountability. Fifth, each system owner is responsible for security management with respect to their external organizations as well. Sixth, information security needs a comprehensive and integrated approach. Information security should be reevaluated regularly. Seventh, information security tends to be limited by social factors [9].

Infrastructure for Information Security Model: The infrastructure of a security system should provide a security architecture, security development, adequately secured and configured systems, user access and access rights, prompt protection against external attacks and intrusion attempts, adequate incident response, security testing, and monitoring with alert services [3]. There are three models in this category. The hybrid integrated model integrates individual security systems into one server or hardware unit, combining firewall, IDS, and VPN. The interoperation model provides interoperability of individual security systems and integration through a predefined protocol methodology. The broker model uses a broker which enables interoperability and integration of separate security systems, so each individual system can focus only on its own agents and connectivity. System stability and strong recovery from security incidents are the key factors of infrastructure in a security model, with continued advancement of related technologies.
This will surely hold high customer loyalty [7].

Existing Integrated Security Management Systems using the Relational Database Model: The existing integrated security system is based on a relational database architecture; it is slow if the log volume is huge, detects only traditional incidents, and needs high-level skill in operation. agility. A monitoring security system needs an intelligent architecture to detect and defend against diversified security attacks [16].

Technology: The functions of the new model are as follows. First, this model uses big data analysis for searching and reporting at high speed, and also supports flexible expansion of the system up to the required resources; when a new resource is needed, this flexible architecture can add another security processing engine. Second, this model analyzes network packets at L4 and L7. L4-based analysis focuses on packet header data; L7-based analysis focuses on packet payload data for the details of network exploits. Third, this model performs log management with data encryption and forgery prevention. Fourth, this model detects abnormal status quickly by tracking destinations: it can detect and monitor whether data move to the same destination continuously, to identify unusual cases [6]. It also detects abnormal protocols and states based on data flow by analyzing usage trends, and can detect abnormal symptoms at an early stage by analyzing network packet usage. Fifth, this model detects all threats based on a new natural language algorithm. It analyzes all log types aligned by IP address, which are security-side data, and leverages the lessons from detection for future review of accidental threats. Sixth, this model can detect weak points of security-related systems and applications. It finds the weak spots of server systems and network equipment that make up the security infrastructure, and also intensively checks weak points of the application area where the business processes run. Seventh, this model performs lifecycle management of weak points: it monitors frequently weak portions and reaction cases for compliance purposes by assigning responsible staff to handle weak point management. Eighth, this model analyzes security incidents by profiling response management and providing solved/not-solved criteria. This model alerts
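The "Third" function above, log management with forgery prevention, can be illustrated with a hash-chained log. This is an added example, not code from the paper or any product it describes; the key, the genesis value and the log events are constructed, and only integrity (tamper evidence) is shown, not encryption.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo key and events; sample values, not from the paper.
# A real deployment would keep the key in a KMS/HSM, not in source.
KEY = b"demo-log-integrity-key"
GENESIS = "0" * 64
EVENTS = [
    {"ts": 1, "src": "10.0.0.5", "dst": "203.0.113.9", "action": "allow"},
    {"ts": 2, "src": "10.0.0.7", "dst": "203.0.113.9", "action": "allow"},
    {"ts": 3, "src": "10.0.0.5", "dst": "198.51.100.2", "action": "deny"},
]

def _canon(event):
    # Canonical JSON so the same event always hashes the same way.
    return json.dumps(event, sort_keys=True, separators=(",", ":"))

def _tag(prev, event):
    # HMAC over the previous tag and the event links this entry to its predecessor.
    return hmac.new(KEY, (prev + _canon(event)).encode(), hashlib.sha256).hexdigest()

def build_chain(events):
    """Append each event so that altering, deleting or reordering any
    stored entry changes every later tag."""
    chain = []
    for event in events:
        prev = chain[-1]["tag"] if chain else GENESIS
        chain.append({"event": event, "prev": prev, "tag": _tag(prev, event)})
    return chain

def verify_chain(chain):
    """Return the index of the first inconsistent entry, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        expected = _tag(prev, entry["event"])
        if entry["prev"] != prev or not hmac.compare_digest(entry["tag"], expected):
            return i
        prev = entry["tag"]
    return -1

def tampered(chain, index, field, value):
    """Copy of the chain with one field of one stored event rewritten (for testing)."""
    out = copy.deepcopy(chain)
    out[index]["event"][field] = value
    return out
```

Periodically anchoring the latest tag in a separate store lets an auditor also detect truncation of the chain's tail, which a self-contained chain cannot reveal.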
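The "Fourth" function, destination-based tracking over L4 header data, can be sketched as a sliding-window detector. This is an added example, not the paper's or any vendor's code; the flow records, thresholds and window length are constructed assumptions, and a real deployment would tune them from observed usage trends.

```python
from collections import defaultdict

# Constructed L4-style flow records (timestamp seconds, src, dst, dport, bytes);
# sample input, not data from the paper.
FLOWS = [
    (0, "10.0.0.5", "203.0.113.9", 443, 120_000),
    (20, "10.0.0.5", "203.0.113.9", 443, 130_000),
    (40, "10.0.0.7", "203.0.113.9", 443, 125_000),
    (60, "10.0.0.5", "203.0.113.9", 443, 140_000),
    (80, "10.0.0.9", "203.0.113.9", 443, 118_000),
    (30, "10.0.0.5", "198.51.100.2", 80, 5_000),
    (50, "10.0.0.6", "198.51.100.2", 80, 4_500),
    (70, "10.0.0.6", "198.51.100.2", 80, 6_000),
]

def destination_alerts(flows, window=120, min_flows=4, min_bytes=400_000):
    """Return destinations that receive a sustained stream: within some
    sliding window of `window` seconds there are at least `min_flows`
    flows carrying at least `min_bytes` bytes, regardless of source.
    This is the 'data keep moving to the same destination' signal."""
    by_dst = defaultdict(list)
    for ts, src, dst, _dport, nbytes in flows:
        by_dst[dst].append((ts, src, nbytes))
    alerts = {}
    for dst, recs in by_dst.items():
        recs.sort()  # order by timestamp so the window can slide
        start = 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1  # drop records that fell out of the window
            win = recs[start:end + 1]
            total = sum(b for _, _, b in win)
            if len(win) >= min_flows and total >= min_bytes:
                alerts[dst] = {"flows": len(win), "bytes": total,
                               "sources": sorted({s for _, s, _ in win})}
                break  # first qualifying window is enough to raise an alert
    return alerts
```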
doi:10.14257/ijsia.2015.9.6.21