A Case Study on Converged Security with Event Correlation of Physical and Information Security

Abstract

Today’s security initiatives have encouraged the incorporation of physical security and information security into converged security for greater effectiveness and capabilities. However, efforts toward converging security have been largely limited to issues of organizational structure with respect to streamlining processes and abstract frameworks for security management. For converged security to be more than a buzzword, it is necessary to derive significant technical merits from this convergence. In this work, we consider “event correlations” that examine associations between events coming from these two distinct worlds to provide greater capabilities for preventing unauthorized access to high-security computers, as a tangible step towards convergence of security. For this purpose, we introduce our approach using event categorization, which, for feasibility, maps physical events to a finite number of classes (five) instead of considering event types individually, and we also show how to define correlation rules with the categories. In addition, we present our prototype system that implements the incorporation of two typical physical security entities: a door/gate access control system and a video surveillance system. The exploration presented in this paper should be beneficial for guiding future development of a diverse range of converged security functions.

Table of Contents

Abstract
 1. Introduction
 2. Related Works
  2.1. Converged Security
  2.2. Event Correlation Engine for Information Security
 3. Security Events
  3.1. Physical Security Devices (PSDs)
  3.2. Physical Security Event Features
  3.3. Event Logs from High-security Computers
 4. Two-tier Event Correlation Engine
  4.1. Event Sensing on the First Stage
  4.2. Event Correlation
  4.3. Automatic Correlation Rule Generation
  4.4. Event Correlation Operation on the Second Stage
 5. Prototyping and Preliminary Evaluation
 6. Conclusions
 Acknowledgments
 References

Author Information

  • Koohong Kang, Dept. of Information and Communications Eng., Seowon University, Cheongju 361-742, Republic of Korea
  • Jinoh Kim, Dept. of Computer Science, Texas A&M University-Commerce, Commerce, Texas 75428, USA
