IoT oriented SIEM tools

MAGGIOLO, NICOLA
2021/2022

Abstract

Nowadays, most devices can connect to a network and exchange data. One example is IoT devices, which collect information from their environment with a high degree of automation and transmit it over networks. New IoT devices and increasingly reliable and fast wireless networks make it easy to collect large amounts of data with high accuracy. The introduction of these technologies has also created new vulnerabilities in complex systems, allowing an attacker to breach them more easily. Attackers use these devices, which generally lack important protections because they are built on minimal hardware. Generally, the attackers' goal is to capture data, cause malfunctions, steal sensitive and personal information, and more. To protect systems and limit what attackers can do, new software has been developed to neutralise or reduce vulnerabilities in a complex system. One example of this category of software is SIEM, which is analysed in this thesis. SIEM tools make it possible to analyse real-time data and logs to understand the state of the system. They build a history of the information collected by the system and index the data, allowing efficient and fast analysis. In addition, they make it possible to visualise the collected data in a user-friendly way. The introduction of artificial intelligence has made these tools more precise, allowing the automatic creation of thresholds that generate alerts in critical situations when exceeded. These tools may also be able to autonomously analyse the environment, identify vulnerabilities in the system, and respond to certain situations. In this thesis, SIEM and IoT are combined. The purpose is to evaluate the effectiveness of the tool in protecting a complex system that also includes IoT devices. Greenhouse sensors are simulated, communicating data using the MQTT protocol.
DoS attacks are performed against the system and the network status is collected using the SIEM. Using the SIEM, user-friendly visualisations are made available to security teams so they can easily analyse and evaluate the status of the system. In conclusion, the combination of IoT devices and SIEM is effective and easy to implement, thanks in part to the use of the MQTT data protocol. This provides end-users with a tool that allows them to easily detect and resolve vulnerabilities that may be present within a complex system, relating to security, authentication and authorisation. They can also evaluate the information collected by the sensors. Thanks to its low implementation cost and its ease and intuitiveness of deployment, this combination can also be used by end-users without large financial means and in any field, making it a tool accessible to anyone.
2021
IoT
SIEM
Network Security
Files in this item:
File: Maggiolo_Nicola.pdf (open access)
Size: 3.91 MB
Format: Adobe PDF

The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 License.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.12608/10638