E-government Alerts Correlation Model

File: insight_publication.pdf (486.12 kB, Adobe PDF)
Title: E-government Alerts Correlation Model
Authors: Al-Mahrouqi, Aadil
Abdalla, Sameh
Kechadi, Tahar
Permanent link: http://hdl.handle.net/10197/6619
Date: 19-Nov-2014
Abstract: Qatar's IT infrastructure is rapidly growing to encompass the evolution of businesses and the economic growth the country is increasingly witnessing throughout its industries. It is now evident that the country's e-government requirements and associated data management systems are becoming large in number, highly dynamic in nature, and exceptionally attractive for cybercrime activities. Protecting the sensitive data that e-government portals rely on for daily activities is not a trivial task. The techniques used to perform cybercrimes are becoming as sophisticated as the firewalls protecting against them. Reaching a high level of data protection, in both wired and wireless networks, in order to face recent cybercrime approaches is a challenge that has continuously proven hard to achieve.
In a common IT infrastructure, the deployed network devices contain a number of event logs that reside locally within their memory. These logs are large in number, and therefore analyzing them is a time-consuming task for network administrators. In addition, a single network event often generates many redundant, similar event logs that belong to the same class within short time intervals. The large amount of redundant logs makes them difficult to manage during a forensic investigation. In most cybercrime cases, a single alert log does not contain sufficient information about the background of malicious actions and the invisible network attackers behind them. The information for a particular malicious action or attacker is often distributed among multiple alert logs and among multiple network devices. The forensic investigators' mission of detecting malicious activities and reconstructing incident scenarios is now very complex considering the number as well as the quality of these event logs.
Type of material: Conference Publication
Keywords: Machine learning; Statistics; e-Government; Network Forensics; Correlation model; Data mining; Log analysis
Other versions: http://www.qf-arc.org
Language: en
Status of Item: Peer reviewed
Conference Details: Qatar Foundation Annual Research Conference, 18-19 November 2014, Qatar
Appears in Collections: Insight Research Collection

This item is available under the Attribution-NonCommercial-NoDerivs 3.0 Ireland. No item may be reproduced for commercial purposes. For other possible restrictions on use please refer to the publisher's URL where this is made available, or to notes contained in the item itself. Other terms may apply.