An ontology-based model for SIEM environments

Gustavo Gonzalez Granadillo; Yosra Ben Mustapha; Nabil Hachem; Herve Debar

doi:10.1007/978-3-642-33448-1_21

An ontology-based model for SIEM environments

Gustavo Gonzalez Granadillo
, Yosra Ben Mustapha
, Nabil Hachem
, Herve Debar

CNRS UMR 5157 SAMOVAR

Research output: Contribution to journal › Conference article › peer-review

Abstract

The management of security events, from the analysis of attacks and risk to the selection of appropriate countermeasures, has become a major concern for security analysts and IT administrators. Furthermore, network and system devices are designed to be heterogeneous, with different characteristics and functionalities that increase the difficulty of these tasks. This paper introduces an ontology-driven approach to address the aforementioned problems. The proposed model takes into account the two main aspects of this field, the information that is manipulated by SIEM environments and the operations that are applied to this information, in order to reach the desired goals. We present a case study on Botnets to illustrate the utilization of our model.

Original language	English
Pages (from-to)	148-155
Number of pages	8
Journal	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	99 LNICST
DOIs	https://doi.org/10.1007/978-3-642-33448-1_21
Publication status	Published - 7 Nov 2012
Event	Joint 7th International Conference on Global Security, Safety and Sustainability, ICGS3 2011, and the 4th Conference on e-Democracy - Thessaloniki, Greece Duration: 24 Aug 2011 → 26 Aug 2011

Keywords

Data Model
Ontology
SIEM

Access to Document

10.1007/978-3-642-33448-1_21

Cite this

@article{1f2dbb1a9b574676816cbd70776dba74,

title = "An ontology-based model for SIEM environments",

abstract = "The management of security events, from the analysis of attacks and risk to the selection of appropriate countermeasures, has become a major concern for security analysts and IT administrators. Furthermore, network and system devices are designed to be heterogeneous, with different characteristics and functionalities that increase the difficulty of these tasks. This paper introduces an ontology-driven approach to address the aforementioned problems. The proposed model takes into account the two main aspects of this field, the information that is manipulated by SIEM environments and the operations that are applied to this information, in order to reach the desired goals. We present a case study on Botnets to illustrate the utilization of our model.",

keywords = "Data Model, Ontology, SIEM",

author = "\{Gonzalez Granadillo\}, Gustavo and \{Ben Mustapha\}, Yosra and Nabil Hachem and Herve Debar",

year = "2012",

month = nov,

day = "7",

doi = "10.1007/978-3-642-33448-1\_21",

language = "English",

volume = "99 LNICST",

pages = "148--155",

journal = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

issn = "1867-8211",

note = "Joint 7th International Conference on Global Security, Safety and Sustainability, ICGS3 2011, and the 4th Conference on e-Democracy ; Conference date: 24-08-2011 Through 26-08-2011",

}

TY - JOUR

T1 - An ontology-based model for SIEM environments

AU - Gonzalez Granadillo, Gustavo

AU - Ben Mustapha, Yosra

AU - Hachem, Nabil

AU - Debar, Herve

PY - 2012/11/7

Y1 - 2012/11/7

N2 - The management of security events, from the analysis of attacks and risk to the selection of appropriate countermeasures, has become a major concern for security analysts and IT administrators. Furthermore, network and system devices are designed to be heterogeneous, with different characteristics and functionalities that increase the difficulty of these tasks. This paper introduces an ontology-driven approach to address the aforementioned problems. The proposed model takes into account the two main aspects of this field, the information that is manipulated by SIEM environments and the operations that are applied to this information, in order to reach the desired goals. We present a case study on Botnets to illustrate the utilization of our model.

AB - The management of security events, from the analysis of attacks and risk to the selection of appropriate countermeasures, has become a major concern for security analysts and IT administrators. Furthermore, network and system devices are designed to be heterogeneous, with different characteristics and functionalities that increase the difficulty of these tasks. This paper introduces an ontology-driven approach to address the aforementioned problems. The proposed model takes into account the two main aspects of this field, the information that is manipulated by SIEM environments and the operations that are applied to this information, in order to reach the desired goals. We present a case study on Botnets to illustrate the utilization of our model.

KW - Data Model

KW - Ontology

KW - SIEM

UR - https://www.scopus.com/pages/publications/84869594197

U2 - 10.1007/978-3-642-33448-1_21

DO - 10.1007/978-3-642-33448-1_21

M3 - Conference article

AN - SCOPUS:84869594197

SN - 1867-8211

VL - 99 LNICST

SP - 148

EP - 155

JO - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

JF - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

T2 - Joint 7th International Conference on Global Security, Safety and Sustainability, ICGS3 2011, and the 4th Conference on e-Democracy

Y2 - 24 August 2011 through 26 August 2011

ER -

An ontology-based model for SIEM environments

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this