An ontology-driven approach to model SIEM information and operations using the SWRL formalism

Authors: Gustavo Gonzalez Granadillo, Yosra Ben Mustapha, Nabil Hachem, Herve Debar

DOI: 10.1504/IJESDF.2012.048412

Keywords:

Abstract: The management of security events, from the risk analysis to the selection of appropriate countermeasures, has become a major concern for analysts and IT administrators. Furthermore, the fact that network and system devices are heterogeneous increases the difficulty of these administrative tasks. This paper introduces an ontology-driven approach to address the aforementioned problems. The proposed model takes into account two aspects: the information and the operations manipulated by SIEM environments in order to reach the desired goals. It uses ontologies to provide simplicity in the description of concepts, relationships and instances of the domain. The Semantic Web Rule Language is used to describe the logic rules needed to infer among individuals and classes. A case study on Botnets is presented at the end of this paper to illustrate the concrete utilisation of our model.

References (10)
H. Lan, SWRL: A Semantic Web Rule Language Combining OWL and RuleML, World Wide Web Consortium (W3C), (2004)
Stefan Fenz, Andreas Ekelhart, Formalizing Information Security Knowledge, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security (ASIACCS '09), pp. 183-194, (2009), 10.1145/1533057.1533084
Almut Herzog, Nahid Shahmehri, Claudiu Duma, An Ontology of Information Security, International Journal of Information Security and Privacy, vol. 1, pp. 1-23, (2007), 10.4018/JISP.2007100101
Nora Cuppens-Boulahia, Frederic Cuppens, Fabien Autrel, Herve Debar, An Ontology-Based Approach to React to Network Attacks, Conference on Risks and Security of Internet and Systems, vol. 3, pp. 280-305, (2008), 10.1504/IJICS.2009.031041
F. Abdoli, M. Kahani, Ontology-Based Distributed Intrusion Detection System, 2009 14th International CSI Computer Conference, pp. 65-70, (2009), 10.1109/CSICC.2009.5349372
Abdul Razzaq, Hafiz Farooq Ahmed, Ali Hur, Nasir Haider, Ontology Based Application Level Intrusion Detection System by Using Bayesian Filter, 2009 2nd International Conference on Computer, Control and Communication, pp. 1-6, (2009), 10.1109/IC4.2009.4909223
Jeffrey Undercoffer, Anupam Joshi, John Pinkston, Modeling Computer Attacks: An Ontology for Intrusion Detection, Recent Advances in Intrusion Detection, pp. 113-135, (2003), 10.1007/978-3-540-45248-5_7
Nabil Hachem, Yosra Ben Mustapha, Gustavo Gonzalez Granadillo, Herve Debar, Botnets: Lifecycle and Taxonomy, 2011 Conference on Network and Information Systems Security, pp. 1-8, (2011), 10.1109/SAR-SSI.2011.5931395