Network Intrusion Detection: SIEM with Snort and Splunk

Faculty Mentor

Dr. Hayden Wimmer

Location

Poster 225

Session Format

Poster Presentation

Academic Unit

Department of Information Technology

Background

Snort and Splunk perform different tasks, and integrating the two makes each more effective for network security. Snort detects suspicious traffic but has limited capacity to process and correlate the alert data it produces; Splunk specializes in processing data but cannot detect malicious traffic on its own.

Keywords

Allen E. Paulson College of Engineering and Computing Student Research Symposium, Distributed Denial of Service, DDoS, Advanced Persistent Threats, APTs, Artificial Intelligence, AI, Security Information and Event Management, SIEM

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.

Presentation Type and Release Option

Presentation (File Not Available for Download)

Start Date

2022 12:00 AM

January 2022


Abstract

In recent years there has been a considerable uptick in cyberattacks, with an increasing trend in Distributed Denial of Service (DDoS), ransomware, botnets, and Advanced Persistent Threats (APTs), among others; DDoS attacks in particular have grown in both peak size and frequency. Cyber threats are evolving to bypass traditional or legacy security systems. Earlier generations of attacks carried a recognizable malicious signature: traditional systems were configured to match these signatures, alert security analysts, log the threat, and block it from entering the network. This model was sufficient to protect business networks from external attacks. Attacks have since become more sophisticated, in part through the application of Artificial Intelligence (AI) techniques. Novel attacks can mask their signatures, or have no known signature at all, allowing them to circumvent purely signature-based defenses. Traditional security devices are therefore becoming obsolete against newer waves of attacks, and newer tooling is needed to protect networks from them. Security Information and Event Management (SIEM) platforms are one such advancement. A SIEM gives security analysts the ability to centralize security logs, generate system-wide alerts, and analyze anomalies within the network; it works in conjunction with existing security devices, such as a Snort sensor, to create an overarching security architecture.
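As an added example (not code from the poster, from Snort, or from Splunk), the following Python script stands in for the correlation step a SIEM adds on top of Snort: it parses Snort's alert_fast output and fires one correlated alert when a single source triggers the same rule repeatedly inside a short window, which is what a threshold search in Splunk would do over the same ingested lines. The sample alert lines, the rule SIDs and messages, the assumed year, and the window and threshold values are all constructed for illustration.

```python
"""SIEM-style correlation over Snort alerts.

Snort emits one alert per matching packet; the SIEM adds the cross-event
view. This script parses Snort 2.x 'alert_fast' lines and applies a
threshold rule (N alerts from one source for one rule inside a sliding
window). Sample lines, SIDs, messages, the year, and the window/threshold
values are constructed for this example and are not from the poster.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample alerts in Snort 2.x alert_fast format (not real traffic).
SAMPLE_ALERTS = """\
01/09-13:51:53.153497  [**] [1:1000001:1] SYN flood probe [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 203.0.113.7:51234 -> 10.0.0.5:80
01/09-13:51:53.201120  [**] [1:1000001:1] SYN flood probe [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 203.0.113.7:51235 -> 10.0.0.5:80
01/09-13:51:53.244871  [**] [1:1000001:1] SYN flood probe [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 203.0.113.7:51236 -> 10.0.0.5:80
01/09-13:51:54.010233  [**] [1:1000001:1] SYN flood probe [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 203.0.113.7:51237 -> 10.0.0.5:80
01/09-13:51:55.777001  [**] [1:366:7] PROTOCOL-ICMP PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.20 -> 10.0.0.5
01/09-13:52:40.000000  [**] [1:1000001:1] SYN flood probe [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 203.0.113.7:51300 -> 10.0.0.5:80
this line is not a Snort alert and must be skipped, not crash the parser
"""

# One alert_fast line: timestamp, [gid:sid:rev], message, optional
# classification, priority, protocol, src[:port] -> dst[:port].
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_alert(line, year=2022):
    """Return a dict for one alert_fast line, or None if it does not parse."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # alert_fast omits the year, so the caller supplies it (2022 is assumed).
    ev["ts"] = datetime.strptime(f"{year}/{ev['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    for k in ("gid", "sid", "rev", "prio"):
        ev[k] = int(ev[k])
    return ev


def parse_alerts(text, year=2022):
    """Parse a block of alert_fast output, skipping unparseable lines."""
    events = [parse_alert(l, year) for l in text.splitlines() if l.strip()]
    return sorted((e for e in events if e), key=lambda e: e["ts"])


def correlate(events, window_seconds=2.0, threshold=3):
    """Threshold rule: fire once when `threshold` alerts share (src, sid)
    within `window_seconds`. The window is reset after firing so a single
    burst yields one correlated alert rather than one per packet."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (src, sid) -> timestamps inside the window
    hits = []
    for ev in events:
        key = (ev["src"], ev["sid"])
        q = recent[key]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            hits.append({
                "src": ev["src"], "dst": ev["dst"], "sid": ev["sid"],
                "msg": ev["msg"], "count": len(q),
                "first": q[0], "last": q[-1],
            })
            q.clear()
    return hits


if __name__ == "__main__":
    for h in correlate(parse_alerts(SAMPLE_ALERTS)):
        print(f"{h['last']:%H:%M:%S} {h['src']} -> {h['dst']} "
              f"sid={h['sid']} '{h['msg']}' x{h['count']} in window")
```

With the constructed input, the four SYN-flood alerts from 203.0.113.7 in under a second collapse into a single correlated event, the lone ICMP ping and the isolated later alert do not fire, and the malformed line is dropped rather than breaking ingestion. In a Splunk deployment the same rule would be written as a search over the ingested Snort log (a `stats count by` source and SID over a short time bucket) rather than in Python, but the value the SIEM adds is identical: the per-packet alert stream becomes one analyst-facing event.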