| fullrecord |
[{"key": "dc.contributor.author", "value": "Kunnari, Jukka-Pekka", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2022-12-08T10:27:55Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2022-12-08T10:27:55Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2022", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/84236", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "System Information ja Event Management, eli SIEM-j\u00e4rjestelmist\u00e4 on tullut viime vuosina organisaatioiden kyberturvallisuusvalvonnan keskeinen ratkaisu. J\u00e4rjestelm\u00e4 ker\u00e4\u00e4 ja varastoi loki-, eli tapahtumatietoa organisaation tietoj\u00e4rjestelm\u00e4st\u00e4 t\u00e4ytt\u00e4en paitsi lains\u00e4\u00e4d\u00e4nn\u00f6lliset vaatimukset tapahtumatietojen s\u00e4ilytt\u00e4misest\u00e4, mutta mahdollistaen my\u00f6s tietoj\u00e4rjestelm\u00e4n toiminnan valvonnan ja esimerkiksi haitallisen toiminnan havaitsemisen, koska kyberhy\u00f6kk\u00e4\u00e4jien yleisesti k\u00e4ytt\u00e4mist\u00e4 tekniikoista j\u00e4\u00e4 j\u00e4lki\u00e4 j\u00e4rjestelm\u00e4n lokitietoihin. SIEM-J\u00e4rjestelmien haasteena kuitenkin on, ett\u00e4 tapahtumatietoa kertyy nopeasti hyvin suuria m\u00e4\u00e4ri\u00e4, ja esimerkiksi kyberhy\u00f6kk\u00e4yksen valmistelun merkkien havaitseminen suuresta tietom\u00e4\u00e4r\u00e4st\u00e4 on haastavaa. T\u00e4ss\u00e4 pro gradu -tutkielmassa tarkastellaan mahdollisena ratkaisuna SIEM-j\u00e4rjestelm\u00e4n toiminnan tehostamiseksi ja SIEM-j\u00e4rjestelm\u00e4\u00e4 hy\u00f6dynt\u00e4vien henkil\u00f6iden ty\u00f6n helpottamiseksi yhden teko\u00e4lyn muodon, koneoppimisen, hy\u00f6dynt\u00e4mist\u00e4 osana j\u00e4rjestelm\u00e4n toimintaa. Tutkimuksen p\u00e4\u00e4tutkimuskysymys oli, miten koneoppimista voidaan hy\u00f6dynt\u00e4\u00e4 SIEM-j\u00e4rjestelmiss\u00e4.\nTutkimuksessa selvitettiin tunnettuja, SIEM-j\u00e4rjestelmiss\u00e4 hy\u00f6dynnettyj\u00e4 koneoppimisratkaisuja sek\u00e4 konstruktiiviseen (DSRM; design science research methodology) tutkimusmenetelm\u00e4\u00e4n perustuen toteutettiin luonnollisen kielen prosessointia hy\u00f6dynt\u00e4v\u00e4 koneoppimistoiminnallisuus, joka integroitiin Splunk Enterprise -sovellukseen perustuvaan SIEM-j\u00e4rjestelm\u00e4\u00e4n analysoimaan valvottavan j\u00e4rjestelm\u00e4n Linux-palvelinten lokitietoja.\nTutkimuksen perusteella koneoppimisen integroimiseen osaksi SIEM-j\u00e4rjestelm\u00e4\u00e4 on useita mahdollisia ratkaisuja. Tutkimuksessa toteutetun esimerkkiratkaisun avulla suuri lokim\u00e4\u00e4r\u00e4 voitiin jakaa niiden tekstisis\u00e4ll\u00f6n perusteella omiin ryhmiins\u00e4, sek\u00e4 erottelemaan tapahtumien joukosta muista tapahtumista selv\u00e4sti poikkeavat tapahtumat reaaliajassa rajaten kyberuhkien havaitsemisen kannalta kiinnostavat tapahtumat pienemm\u00e4ksi ryhm\u00e4ksi niiden tarkemman analysoinnin helpottamiseksi.\nKoneoppimisen integroiminen Splunkiin on melko yksinkertaista, koska tarvittavat lis\u00e4osat on saatavilla sovellukseen. Koneoppimismallin kehitt\u00e4minen ja optimointi vaativat kuitenkin useita toistoja ja tulosten jatkuvaa validointia sopivien parametrien l\u00f6yt\u00e4miseksi. Tulokset kuitenkin osoittavat koneoppimisen hy\u00f6dynt\u00e4mispotentiaalin SIEM-j\u00e4rjestelmien tiedonlouhinnassa.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "During last few years, System Information and Event Management systems have become the backbone solution for organizations\u2019 cyber situational awareness monitoring. SIEM system collects and stores event or log information from organization\u2019s IT infrastructure to meet not only legal requirements of log manage-ment, but giving a tool to monitor the IT infrastructure, and to detect possible signs of cyber threats, as most of the techniques and tactics commonly used by adversaries leaves traces in the system logs. However, a common defect in SIEM systems is the massive amount of log data generated in every minute, making it very challenging to detect the signs of potential threats. This master\u2019s thesis studies potential machine learning applications in order to enhance the SIEM systems\u2019 capabilities, and to make SIEM system more user-friendly. The main research question of this study was \u201dHow could machine learning be utilized in SIEM systems?\u201d\nIn this research, commonly known applications of machine learning were studied, and an example solution based on natural language processing techniques was developed. The function was integrated into Splunk Enterprise SIEM system for log mining from the Linux servers, following the design science research methodology (DSRM) for IT systems research process.\nThe results show that there are multiple possible solutions to utilize machine learning in SIEM systems. By using the solution proposed in the study, an extensive amount of log data could be divided into own groups and the potentially interesting log data could be separated and categorized for further analysis. Utilizing machine learning in a system like Splunk is relatively uncomplicated, as all the add-on modules are downloadable for all users. On the other hand, developing and optimizing a machine learning model is a long process, requiring multiple iterations and validations to find optimal parameters for the model. The results, however, point out the potential of machine learning, especially for data mining in the SIEM systems.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2022-12-08T10:27:55Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2022-12-08T10:27:55Z (GMT). No. of bitstreams: 0\n Previous issue date: 2022", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "52", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "SIEM-j\u00e4rjestelm\u00e4", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "lokienhallinta", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "kyberuhka", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Koneoppimisen hy\u00f6dynt\u00e4mismahdollisuudet SIEM-j\u00e4rjestelmiss\u00e4", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202212085498", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kyberturvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "lokit", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "koneoppiminen", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
|