A Signal Theory Model for Security Monitoring using CheckMK
Continuous monitoring and intelligence systems analyze data and text from many sources, typically to track risk, controls, opportunities, competition, and similar concerns. Although the literature describes the capabilities of such systems, their theoretical development has been limited. The information sources these systems monitor provide signals about events, activities, or issues. Selecting the appropriate sources is not simple, however, because the choice is influenced by factors such as time, cost, redundancy, reliability, and weak signals. For the monitored signals, it is also advisable to generate analytics that study their flow and give traceability of the issue being dealt with. In this paper, a signal theory model is introduced and applied to some of these issues in the context of SSH brute-force attacks. I use the tool CheckMK and its capabilities to implement a signal theory model for monitoring the security of a system.
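The following is an added example, not code from the paper or from CheckMK, showing how an SSH brute-force signal of the kind the abstract describes can be turned into a CheckMK "local check". A local check is a script under the agent's local/ directory that prints one line per service in the documented form `<state> <service_name> <metric>=<value>;<warn>;<crit> <summary>`, with state 0 = OK, 1 = WARN, 2 = CRIT, 3 = UNKNOWN. The script parses sshd "Failed password" lines, counts failures per source address inside a time window, and emits WARN/CRIT for a loud source; it also reports a "weak signal": a source that stays under the threshold but cycles through many distinct usernames (a low-and-slow dictionary attack). The service name, the one-hour window, the thresholds, the weak-signal rule and the log lines are all assumptions constructed for the example.

```python
#!/usr/bin/env python3
"""
Added example (not from the paper or from CheckMK): a CheckMK local check that
turns sshd failed-login events into a monitoring signal.

Output format of a CheckMK local check (state 0=OK, 1=WARN, 2=CRIT, 3=UNKNOWN):
    <state> <service_name> <metric>=<value>;<warn>;<crit> <summary text>
The thresholds, the window and the weak-signal rule are assumptions for the example.
"""
import re
import sys
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Typical sshd line in /var/log/auth.log (syslog format, no year in the timestamp).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample lines for this example; not real log data.
SAMPLE_LOG = """\
Mar 10 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Mar 10 10:00:02 host sshd[1202]: Failed password for root from 203.0.113.5 port 51123 ssh2
Mar 10 10:00:02 host sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 51124 ssh2
Mar 10 10:00:03 host sshd[1204]: Failed password for invalid user oracle from 203.0.113.5 port 51125 ssh2
Mar 10 10:00:04 host sshd[1205]: Failed password for invalid user ubuntu from 203.0.113.5 port 51126 ssh2
Mar 10 10:00:05 host sshd[1206]: Failed password for invalid user pi from 203.0.113.5 port 51127 ssh2
Mar 10 10:02:00 host sshd[1210]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
Mar 10 10:03:00 host sshd[1211]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Mar 10 10:05:00 host sshd[1220]: Failed password for invalid user git from 192.0.2.9 port 33001 ssh2
Mar 10 10:20:00 host sshd[1221]: Failed password for invalid user www from 192.0.2.9 port 33002 ssh2
Mar 10 10:40:00 host sshd[1222]: Failed password for invalid user ftp from 192.0.2.9 port 33003 ssh2
Mar 10 10:55:00 host sshd[1223]: Failed password for invalid user db from 192.0.2.9 port 33004 ssh2
"""
# Assumed "current time" for the sample data (a real check would use datetime.now()).
SAMPLE_NOW = datetime(2021, 3, 10, 11, 0, 0)


def parse_failed_logins(lines, year=2021):
    """Return [(timestamp, source_ip, username)] for every 'Failed password' line."""
    events = []
    for line in lines:
        m = FAILED_RE.match(line)
        if m:  # syslog omits the year, so it is supplied by the caller
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"]))
    return events


def summarize(events, now, window=timedelta(hours=1)):
    """Per-source failure count and set of attempted usernames inside the window."""
    counts, users = Counter(), defaultdict(set)
    for ts, ip, user in events:
        if now - window <= ts <= now:
            counts[ip] += 1
            users[ip].add(user)
    return counts, users


def classify(counts, users, warn=5, crit=20, weak_min_users=4):
    """Map the aggregated signal to a CheckMK state and a list of offenders.

    Loud signal: failures from one source reach warn (WARN) or crit (CRIT).
    Weak signal: a source below warn that tried >= weak_min_users distinct
    usernames is still reported as WARN, so a low-and-slow attack is not lost.
    """
    state, offenders = 0, []
    for ip, n in counts.most_common():
        if n >= crit:
            state = max(state, 2)
            offenders.append(f"{ip}({n})")
        elif n >= warn:
            state = max(state, 1)
            offenders.append(f"{ip}({n})")
        elif len(users[ip]) >= weak_min_users:
            state = max(state, 1)
            offenders.append(f"{ip}({n},weak)")
    return state, offenders


def local_check_line(events, now, warn=5, crit=20):
    """Build the single output line CheckMK expects from a local check."""
    counts, users = summarize(events, now)
    state, offenders = classify(counts, users, warn, crit)
    total = sum(counts.values())
    detail = ", ".join(offenders) if offenders else "no suspicious sources"
    # Underscores in the service name keep the line valid on every CheckMK version.
    return f"{state} SSH_brute_force failed_logins={total};{warn};{crit} {detail}"


if __name__ == "__main__":
    # Pass a log path to check a real file; otherwise the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(local_check_line(parse_failed_logins(fh, datetime.now().year), datetime.now()))
    else:
        print(local_check_line(parse_failed_logins(SAMPLE_LOG.splitlines()), SAMPLE_NOW))
```

On the sample data the script prints `1 SSH_brute_force failed_logins=11;5;20 203.0.113.5(6), 192.0.2.9(4,weak)`: the first source crosses the WARN threshold outright, the second is caught only by the weak-signal rule, and the successful key login from 198.51.100.7 contributes nothing. The metric and thresholds let CheckMK graph the flow of the signal over time, which is the traceability the abstract asks for; the window and thresholds are the cost/reliability trade-off a practitioner has to tune per host.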
O'Leary, Daniel E., A Signal Theory Model for Continuous Monitoring and Intelligence Systems (September 9, 2020). Available at SSRN: https://ssrn.com/abstract=3746001 or http://dx.doi.org/10.2139/ssrn.3746001.
Phuong M. Cao et al., CAUDIT: Continuous Auditing of SSH Servers To Mitigate Brute-Force Attacks. USENIX NSDI 2019. Available at https://www.usenix.org/conference/nsdi19/presentation/cao.
Faust, Joshua, "Distributed Analysis of SSH Brute Force and Dictionary Based Attacks" (2018). Culminating Projects in Information Assurance, 56.
Spence, M., Job Market Signaling, The Quarterly Journal of Economics, Vol. 87, No. 3 (Aug., 1973), pp. 355-374.
Connelly, B., Certo, S., Ireland, R., Reutzel, C. (2011), "Signaling Theory: A Review and Assessment," Journal of Management, Vol. 37, No. 1, January 2011, pp. 39-67.
Jeonghoon Park, "Network Log-Based SSH Brute-Force Attack Detection Model", Tech Science Press, 2021.
Daniels, Jeff, "Server virtualization architecture and implementation", XRDS: Crossroads, The ACM Magazine for Students, Volume 16, Issue 1, September 2009, pp. 8-12. https://doi.org/10.1145/1618588.1618592.
Ghafir, I., Prenosil, V., Svoboda, J., & Hammoudeh, M. (2016). A Survey on Network Security Monitoring Systems. 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW). doi:10.1109/w-ficloud.2016.30.
Official Documentation of CheckMK: https://docs.checkmk.com/latest/en/.
Official Documentation of Ubuntu: https://releases.ubuntu.com/.
Official Documentation of VirtualBox: https://www.virtualbox.org/wiki/Documentation.