Concepedia

Publication | Closed Access

SIM in light of big data

Citations: 12

References: 13

Year: 2015

Abstract

Network Services are confronted with a growing amount and diversity of attacks. The detection of such intrusion attempts, however, is getting more complex. This is mainly a result of more sophisticated attacks and a consequence of the more ubiquitous and overall more complex IT ecosystem. The resulting rapidly increasing network traffic makes it extremely hard to detect and prevent attacks in traditional ways. This paper proposes Security Information Management (SIM) enhancements considering Big Data Analysis principles. In the context of Cyber-Security, the blueprint and implementation presented can be adopted in organizations or Smart City contexts. After devising a blueprint for Big Data enhanced SIM based on the latest research, the system architecture and the resulting implementation are presented. The blueprint and implementation have been field-tested in a real-world, large-scale SIM environment and evaluated with real network security logs. Our research is timely, since the application of Big Data principles to SIM environments has rarely been investigated so far, and there exists the need for a general concept of enhancement possibilities.
