Please use this identifier to cite or link to this item: http://repository.aaup.edu/jspui/handle/123456789/2924
Title: Multi-Channel Fusion Model for Data Logs Analysis and Anomaly Detection in Data Centers (Master's thesis)
Other Titles: A Multi-Channel Fusion Model for Analyzing Data Logs and Detecting Anomalies in Data Centers (Arabic title, translated)
Authors: Abubaker, Ibrahim Ahmad Naser (AAUP; Palestinian)
Keywords: Cybercrimes, Digital Evidence Analysis, Data Centers
Issue Date: 2024
Publisher: AAUP
Abstract: In a computer data center environment, the operation of numerous systems is highly sensitive because of the critical nature of the services they provide. Maintaining uninterrupted operations and upholding the security triad of confidentiality, integrity, and availability (CIA) is imperative. Currently, the security event logs sourced from various channels, including SIEM agents, IDS, IPS, antivirus, and other security devices, are monitored individually and separately. As a result, incidents are displayed on each device without any correlation with incidents seen elsewhere. Additionally, the actions taken by security appliances are applied locally on the respective devices without coordination with neighbouring devices, creating a disjointed security framework. This study is dedicated to enhancing the security posture of systems and applications operating within data centers, focusing on the comprehensive logging of security events on all devices and applications for information security purposes. It presents a novel security procedural model to bridge the gap in the aforementioned security framework. The model integrates playbook decisions into a coordinated orchestration of the data center's peripheral devices and is implemented on the devices and applications within the data center. The approach aims to raise security maturity by applying the decisions taken by the model on all nodes, either creating new controls or updating existing ones. Following the implementation of this model, notable improvements were observed. Specifically, there was a clear increase in the effectiveness of the IPS, based on the actions reflected across the chain of security devices, and a significant reduction in false positives compared to the previous IDS/IPS framework. This highlights the effectiveness of the new model in enhancing the security stance and operational integrity of the data center environment.
Description: Master's degree / Cybercrimes and Digital Evidence Analysis
URI: http://repository.aaup.edu/jspui/handle/123456789/2924
Appears in Collections:Master Theses and Ph.D. Dissertations

Files in This Item:
File: ابراهيم ناصر ابو بكر.pdf (5.45 MB, Adobe PDF)