Abstract
The management of security events, from the analysis of attacks and risk to the selection of appropriate countermeasures, has become a major concern for security analysts and IT administrators. Furthermore, network and system devices are heterogeneous by design, with differing characteristics and functionalities that make these tasks harder. This paper introduces an ontology-driven approach to address these problems. The proposed model takes into account the two main aspects of this field: the information that is manipulated by SIEM environments and the operations that are applied to this information in order to reach the desired goals. We present a case study on botnets to illustrate the use of our model.
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
Gonzalez Granadillo, G., Ben Mustapha, Y., Hachem, N., Debar, H. (2012). An Ontology-Based Model for SIEM Environments. In: Georgiadis, C.K., Jahankhani, H., Pimenidis, E., Bashroush, R., Al-Nemrat, A. (eds) Global Security, Safety and Sustainability & e-Democracy. e-Democracy ICGS3 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 99. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33448-1_21
DOI: https://doi.org/10.1007/978-3-642-33448-1_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33447-4
Online ISBN: 978-3-642-33448-1