Security Information and Event Management (SIEM) is a combination of Security Information Management and Security Event Management. SIEM helps in the collection of events from heterogeneous devices and ordering into Common Event Format. The events collected are correlated and observed for changes in the system behaviour. Homogeneous Events such as DoS/Probe attacks can be detected by monitoring single event source. In this paper, TCP SYN flood attack is considered. RETE algorithm is applied on the network event attributes to formulate the rules and stored in database. An alert is triggered, when the rule for TCP SYN attack is matched. © 2017 The Author(s).
cited By 0; Conference of 7th International Conference on Advances in Computing and Communications, ICACC 2017 ; Conference Date: 22 August 2017 Through 24 August 2017; Conference Code:131212
M. S. N. Raja and Vasudevan, A. R., “Rule Generation for TCP SYN Flood attack in SIEM Environment”, in Procedia Computer Science, 2017, vol. 115, pp. 580-587.