
The purpose of this paper is to highlight how Elasticsearch can be used to enhance the security of your applications and your cloud infrastructure by combining intrusion detection systems with machine learning techniques in order to detect possible attacks. It covers the setup and configuration of a test environment for anomaly detection and network security alerting, using Elasticsearch as the core data store. Snort is used for monitoring, alongside system and network analytics collected via Metricbeat and Packetbeat. Elastic's built-in machine learning jobs are used to find disturbances in the normal operation of the devices. To create a baseline dataset, the Damn Vulnerable Web Application is used to generate analytics and alerts while exploiting the vulnerabilities it exposes.
