
Semantic Events

A New Linguistics-Inspired Way to Interpret and Represent Events

Conference paper

Proceedings of SAI Intelligent Systems Conference (IntelliSys) 2016 (IntelliSys 2016)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 16)

Abstract

As cyber-attacks increase in frequency and sophistication, the need for intelligent automated defenses increases, but the quality of software logs available for this purpose is questionable. To address this problem a whole new approach to logging is proposed in this paper, one called semantic events. The approach developed out of an empirical, qualitative investigation of a range of logs and existing standards, and is motivated by the desire to normalize events in order to conduct broad cross-log analyses to detect security issues. A key finding is that logs are often hard to understand. An analysis of the causes of this led to the development of a linguistics-inspired event model and a method to interpret and represent logs using a kind of controlled natural language, the essence of the semantic events. They are convertible to an ontology that can be loaded into Protégé to perform reasoning and consistency checking. Crucially, they are stored in a knowledge base for re-use across logs to enable broad analyses.



Acknowledgment

This work was made possible by the encouragement and support of highly valued colleagues.

Author information

Correspondence to Susan Marie Thomas.


Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Thomas, S.M. (2018). Semantic Events. In: Bi, Y., Kapoor, S., Bhatia, R. (eds) Proceedings of SAI Intelligent Systems Conference (IntelliSys) 2016. IntelliSys 2016. Lecture Notes in Networks and Systems, vol 16. Springer, Cham. https://doi.org/10.1007/978-3-319-56991-8_56


  • DOI: https://doi.org/10.1007/978-3-319-56991-8_56

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-56990-1

  • Online ISBN: 978-3-319-56991-8

  • eBook Packages: Engineering (R0)
