Network Intrusion Detection: SIEM with Snort and Splunk
Faculty Mentor
Dr. Hayden Wimmer
Location
Poster 225
Session Format
Poster Presentation
Academic Unit
Department of Information Technology
Background
Snort and Splunk perform different tasks, and integrating the two makes both more effective for network security. Snort performs traffic detection but is limited in its ability to process the data it produces. Splunk specializes in processing data but cannot detect malicious traffic on its own.
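As an added example (not part of the poster or of either product), a small Python parser for Snort's `alert_fast` output that turns each alert line into the kind of structured event a SIEM such as Splunk ingests, plus a per-source count that surfaces the DDoS-style volume anomaly the abstract refers to. The alert lines, rule SIDs and IP addresses below are constructed.

```python
import re
import json
from collections import Counter

# Snort 2 "alert_fast" layout, one alert per line:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: x] [Priority: n] {PROTO} src[:port] -> dst[:port]
# Classification and ports are optional in real output; IPv4 only here for brevity.
FAST_ALERT = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?$"
)

# Constructed sample log (local-rule SIDs, documentation IP ranges); last line is deliberate junk.
SAMPLE_ALERTS = """\
01/12-15:30:01.123456  [**] [1:1000001:1] LOCAL ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 198.51.100.10
01/12-15:30:01.223456  [**] [1:1000002:2] LOCAL SYN flood candidate [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 203.0.113.7:40001 -> 198.51.100.10:80
01/12-15:30:01.323456  [**] [1:1000002:2] LOCAL SYN flood candidate [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 203.0.113.7:40002 -> 198.51.100.10:80
01/12-15:30:02.000000  [**] [1:1000003:1] LOCAL DNS query [**] [Priority: 3] {UDP} 192.0.2.5:5353 -> 198.51.100.53:53
this line is not an alert and is skipped
"""

def parse_fast_alert(line):
    """Return a structured event dict for one alert_fast line, or None if it does not match."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "timestamp": d["ts"],
        "gid": int(d["gid"]), "sid": int(d["sid"]), "rev": int(d["rev"]),
        "msg": d["msg"], "classification": d["cls"], "priority": int(d["prio"]),
        "proto": d["proto"],
        "src_ip": d["src"], "src_port": int(d["sport"]) if d["sport"] else None,
        "dst_ip": d["dst"], "dst_port": int(d["dport"]) if d["dport"] else None,
    }

def parse_alert_log(text):
    """Parse every line, dropping lines that are not alerts (noise the SIEM should never see)."""
    return [e for e in (parse_fast_alert(l) for l in text.splitlines()) if e]

def to_json_lines(events):
    """Newline-delimited JSON: one event per line, the shape a log forwarder ships to Splunk."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)

def noisy_sources(events, threshold):
    """Source IPs with more than `threshold` alerts: the simple volume anomaly a SIEM search surfaces."""
    counts = Counter(e["src_ip"] for e in events)
    return {ip: n for ip, n in counts.items() if n > threshold}
```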
Keywords
Allen E. Paulson College of Engineering and Computing Student Research Symposium, Distributed Denial of Service, DDoS, Advanced Persistent Threats, APTs, Artificial Intelligence, AI, Security Information and Event Management, SIEM
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Presentation Type and Release Option
Presentation (File Not Available for Download)
Start Date
January 2022
In recent years there has been a considerable uptick in cyberattacks, with an increasing trend in Distributed Denial of Service (DDoS), ransomware, botnets, and Advanced Persistent Threats (APTs), among others. DDoS attacks have also grown in peak size and frequency. Cyber threats are evolving to bypass traditional or legacy security systems. In past iterations, a cyberattack carried a recognizable malicious digital signature: traditional systems were trained to recognize these signatures, alert security analysts, log the threat, and block it from entering the system. This model was sufficient to protect business networks from external attacks. Cyberattacks have since become more sophisticated, especially through the application of Artificial Intelligence (AI) principles. Novel cyberattacks can mask their digital signatures or carry unknown ones, allowing them to circumvent traditional security models, so traditional security devices are becoming obsolete against newer waves of attacks and newer devices are needed to protect networks from them. Security Information and Event Management (SIEM) systems are an advancement in cybersecurity for countering novel attacks. SIEMs give security analysts the ability to centralize security logs, generate system-wide alerts, and analyze anomalies within the network, and they work in conjunction with other security devices to create an overarching security network.