This project proposes the evaluation of a hierarchical multivariate analysis methodology for its integration into a SIEM. The hierarchical architecture will be designed so that communication between layers is done with compressed information through multivariate analysis. This compression has the particularity that it does not affect the detection of anomalies.
The hierarchical architecture provides SIEM with important advantages, beyond those of multivariate analysis. This methodology, by using compression, will be able to effectively handle larger amounts of data, including antivirus information, applications or Operating Systems of user devices. Alternatively, this strategy can be used to reduce the network load associated with the sending of security information, which allows a competitive improvement for its application as a SIEM service in networks of mobile devices or the cloud. Finally, the multivariate hierarchical strategy establishes the implicit protection of privacy, which allows the integration of low-level information, including final devices, without violating their privacy.