论文信息 - An Ontology-Based Model for SIEM Environments

An Ontology-Based Model for SIEM Environments

The management of security events, from the analysis of attacks and risk to the selection of appropriate countermeasures, has become a major concern for security analysts and IT administrators. Furthermore, network and system devices are designed to be heterogeneous, with different characteristics and functionalities that increase the difficulty of these tasks. This paper introduces an ontology-driven approach to address the aforementioned problems. The proposed model takes into account the two main aspects of this field, the information that is manipulated by SIEM environments and the operations that are applied to this information, in order to reach the desired goals. We present a case study on Botnets to illustrate the utilization of our model.

Hervé Debar | Gustavo Gonzalez Granadillo | Yosra Ben Mustapha | Nabil Hachem

[1] Anupam Joshi,et al. Modeling Computer Attacks: An Ontology for Intrusion Detection , 2003, RAID.

[2] Gustavo Gonzalez Granadillo,et al. Botnets: Lifecycle and Taxonomy , 2011, 2011 Conference on Network and Information Systems Security.

[3] E. Eugene Schultz. Security Information and Event Management (SIEM) , 2011, Encyclopedia of Information Assurance.

[4] Nora Cuppens-Boulahia,et al. An ontology-based approach to react to network attacks , 2009, Int. J. Inf. Comput. Secur..

[5] Benjamin Morin,et al. M4D4: a Logical Framework to Support Alert Correlation in Intrusion Detection , 2008 .

[6] Jorge E. López de Vergara,et al. A Semantic Web Approach to Share Alerts among Security Information Management Systems , 2009 .

[7] Abdul Razzaq,et al. Ontology based application level intrusion detection system by using Bayesian filter , 2009, 2009 2nd International Conference on Computer, Control and Communication.

[8] M. Kahani,et al. Ontology-based distributed intrusion detection system , 2009, 2009 14th International CSI Computer Conference.

[9] Hervé Debar,et al. A logic-based model to support alert correlation in intrusion detection , 2009, Inf. Fusion.