
An Ontology-Based Model for SIEM Environments

  • Conference paper
Global Security, Safety and Sustainability & e-Democracy (e-Democracy 2011, ICGS3 2011)

Abstract

The management of security events, from the analysis of attacks and risk to the selection of appropriate countermeasures, has become a major concern for security analysts and IT administrators. Furthermore, network and system devices are designed to be heterogeneous, with different characteristics and functionalities that increase the difficulty of these tasks. This paper introduces an ontology-driven approach to address the aforementioned problems. The proposed model takes into account the two main aspects of this field, the information that is manipulated by SIEM environments and the operations that are applied to this information, in order to reach the desired goals. We present a case study on Botnets to illustrate the utilization of our model.




Copyright information

© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Gonzalez Granadillo, G., Ben Mustapha, Y., Hachem, N., Debar, H. (2012). An Ontology-Based Model for SIEM Environments. In: Georgiadis, C.K., Jahankhani, H., Pimenidis, E., Bashroush, R., Al-Nemrat, A. (eds) Global Security, Safety and Sustainability & e-Democracy. e-Democracy / ICGS3 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 99. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33448-1_21


  • DOI: https://doi.org/10.1007/978-3-642-33448-1_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33447-4

  • Online ISBN: 978-3-642-33448-1

  • eBook Packages: Computer Science, Computer Science (R0)
