Research Article
Shielding IoT against Cyber-Attacks: An Event-Based Approach Using SIEM
Listing 1
Reception and processing of security events by a SIEM.
initialize bufferOfEvents with the security events received from the monitored devices
initialize threshold to maximumTolerable
initialize matchedRuleCounter to zero
while bufferOfEvents is not empty
    get newEvent from bufferOfEvents
    analyze newEvent against correlationRules
    if newEvent matches a correlationRule
        matchedRuleCounter = matchedRuleCounter + 1
        if matchedRuleCounter >= threshold
            print "Event confirms an attack in progress"
            inform the system admin
            launch an incident response
        else
            print "Event matches a rule but is not yet an attack"
    else
        print "Event did not match any rule"
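The correlation loop of Listing 1, as an added runnable example in Python; this is not the article's own code. The event record, the three correlation rules and the sample event stream are constructed for illustration. It also goes slightly beyond the listing: the counter of matched rules is kept per source device rather than globally, so that suspicious events from one device cannot push another over the threshold, and incident response is launched once per device instead of on every event after the threshold is reached.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, List


@dataclass(frozen=True)
class Event:
    """Normalised security event as a SIEM collector would hand it over (assumed shape)."""
    source: str      # device that emitted the event
    kind: str        # normalised event type
    detail: str = ""


@dataclass(frozen=True)
class CorrelationRule:
    """A correlation rule: a name plus a predicate over a single event."""
    name: str
    matches: Callable[[Event], bool]


# Constructed rule set (an assumption, not from the article): behaviour an
# IoT fleet operator might treat as suspicious.
RULES: List[CorrelationRule] = [
    CorrelationRule("failed-login", lambda e: e.kind == "auth_failure"),
    CorrelationRule("unexpected-outbound",
                    lambda e: e.kind == "net_connect" and not e.detail.endswith(":443")),
    CorrelationRule("firmware-mismatch",
                    lambda e: e.kind == "firmware_check" and e.detail != "ok"),
]


@dataclass
class Siem:
    rules: List[CorrelationRule]
    threshold: int                     # maximumTolerable in Listing 1
    counters: Dict[str, int] = field(default_factory=lambda: defaultdict(int))
    incidents: List[str] = field(default_factory=list)      # devices under incident response
    notifications: List[str] = field(default_factory=list)  # messages sent to the admin

    def inform_admin(self, message: str) -> None:
        self.notifications.append(message)

    def launch_incident_response(self, source: str) -> None:
        # Launch once per device; repeated alerts for the same device are just re-notified.
        if source not in self.incidents:
            self.incidents.append(source)

    def process(self, buffer: Deque[Event]) -> List[str]:
        """Drain bufferOfEvents and return one verdict string per event."""
        verdicts: List[str] = []
        while buffer:
            event = buffer.popleft()
            rule = next((r for r in self.rules if r.matches(event)), None)
            if rule is None:
                verdicts.append(f"{event.source}: no rule matched ({event.kind})")
                continue
            self.counters[event.source] += 1
            count = self.counters[event.source]
            if count >= self.threshold:
                verdicts.append(f"{event.source}: attack in progress ({rule.name}, {count} matches)")
                self.inform_admin(f"attack in progress on {event.source}: {rule.name}")
                self.launch_incident_response(event.source)
            else:
                verdicts.append(f"{event.source}: matched {rule.name} "
                                f"({count}/{self.threshold}), not yet an attack")
        return verdicts


# Constructed sample stream: a camera being brute-forced and then beaconing out,
# interleaved with benign events from a thermostat.
SAMPLE_EVENTS: List[Event] = [
    Event("cam-01", "auth_failure", "ssh root"),
    Event("therm-07", "net_connect", "api.vendor.example:443"),
    Event("cam-01", "auth_failure", "ssh root"),
    Event("cam-01", "net_connect", "198.51.100.9:4444"),
    Event("therm-07", "heartbeat"),
    Event("cam-01", "firmware_check", "hash-mismatch"),
]


def run_demo(threshold: int = 3) -> Siem:
    siem = Siem(rules=RULES, threshold=threshold)
    for verdict in siem.process(deque(SAMPLE_EVENTS)):
        print(verdict)
    return siem


if __name__ == "__main__":
    run_demo()
```

With a threshold of 3 the camera's third matching event (the outbound connection to port 4444) confirms the attack and opens the incident; the thermostat never matches a rule, so its counter stays at zero.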