Shielding IoT against Cyber-Attacks: An Event-Based Approach Using SIEM

<table class="algorithm-group"><tr><td><table class="algorithm" id="lst1"><tr><td colspan="2">1 initialize bufferOfEvents to zero</td></tr><tr><td colspan="2">2 initialize threshold to maximumTolerable</td></tr><tr><td colspan="2">3 <b>while</b> bufferOfEvents <b>is not</b> empty</td></tr><tr><td colspan="2">4  Get newEvent <b>from</b> bufferOfEvents</td></tr><tr><td colspan="2">5  Analize newEvent against correlationRules</td></tr><tr><td colspan="2">6  If newEvent matches a correlationRule</td></tr><tr><td colspan="2">7   matchedRuleCounter = matchedRuleCounter + 1</td></tr><tr><td colspan="2">8   If matchedRuleCounter &gt;= threshold</td></tr><tr><td colspan="2">9    <b>print</b> “Event confirms an attack in progress”</td></tr><tr><td colspan="2">10    Inform the system Admin</td></tr><tr><td colspan="2">11    Launch an Incident Response</td></tr><tr><td colspan="2">12   <b>else</b></td></tr><tr><td colspan="2">13    <b>print</b> “Event matches a rule but is not even an attack”</td></tr><tr><td colspan="2">14  <b>else</b></td></tr><tr><td colspan="2">15   <b>print</b> “Event did not match any rule”</td></tr></table></td></tr></table>

<div>Reception and processing of security events by a SIEM.</div>

Wireless Communications and Mobile Computing

lst1

Listing 1

Listing 1: Shielding IoT against Cyber-Attacks: An Event-Based Approach Using SIEM 