The Ontological Approach for SIEM Data Repository Implementation

@article{Kotenko2012TheOA,
  title={The Ontological Approach for SIEM Data Repository Implementation},
  author={Igor V. Kotenko and Olga Polubelova and Igor Saenko},
  journal={2012 IEEE International Conference on Green Computing and Communications},
  year={2012},
  pages={761--766}
}
The technology of Security Information and Event Management (SIEM) becomes one of the most important research applications in the area of computer network security, including distributed networks of internet enabled objects (as in the Internet of Things). The overall functionality of SIEM systems depends largely on the quality of solutions implemented at the data storage level, which is purposed for the representation of heterogeneous security events, their storage in the data repository and… 
Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems
TLDR
The paper discusses the key issues in designing and implementing a hybrid SIEM data repository that combines relational and ontological data representations, and proposes a hybrid repository architecture for implementation in SIEM systems.
The Ontology of Metrics for Security Evaluation and Decision Support in SIEM Systems
TLDR
A new approach on using security metrics which is based on their ontological representation and serves for comprehensive security evaluation and subsequent countermeasure generation is proposed.
Aggregation of elastic stack instruments for collecting, storing and processing of security information and events
  • I. Kotenko, Artem Kuleshov, I. Ushakov
  • Computer Science
    2017 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computed, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI)
  • 2017
The paper suggests an approach to construction of the system for collecting, storing and processing of data and security events on the basis of aggregation of instruments provided by Elastic Stack.
SIEM implementation for global and distributed environments
  • I. Anastasov, D. Davcev
  • Computer Science
    2014 World Congress on Computer Applications and Information Systems (WCCAIS)
  • 2014
TLDR
A new model and architecture for SIEM implementation that uses multiple hierarchical SIEM Managers, called the “Hierarchical Managers Model”, is proposed, and it is demonstrated how this model and architecture could be created and enabled in a leading SIEM system, ArcSight ESM.
Exploring the applicability of SIEM technology in IT security
The changing Information Security (IS) landscape and increased legal, regulatory and audit compliance requirements have driven organisations to collect, maintain, securely store and regularly analyse
Data Warehouse Design for Security Applications Using Distributed Ontology-Based Knowledge Representation
TLDR
An approach based on the data warehouse architecture that consists of distributed smart database micro services patterns, which are represented by the distributed ontology, is proposed, using novel distributed dynamic description logic for knowledge representation.
Conceptual Framework for Understanding Security Requirements: A Preliminary Study on Stuxnet
TLDR
A layered conceptual framework is proposed to better understand the problem from specific instances to generalized abstractions, so that it can eventually provide a good set of security requirements.
A high-level domain-specific language for SIEM (design, development and formal verification)
TLDR
A high-level domain-specific language (HDSL) is introduced which simplifies rule creation for the SIEM system; the HDSL enhances the SIEM correlation capabilities by providing a simpler approach to writing correlation rules.
Correlation of security events based on the analysis of structures of event types
  • A. Fedorchenko, I. Kotenko, D. E. Baz
  • Computer Science
    2017 9th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS)
  • 2017
TLDR
The paper suggests building a graph of event types with direct and indirect links between them in order to apply a previously unused method of rank correlation, alongside other intelligent methods for the automated analysis of events.
SIEM approach for a higher level of IT security in enterprise networks
TLDR
The SIMU project, funded by the BMBF and presented in this paper, offers several features of a SIEM system with better handling and more efficient use in the SME environment.

References

Security Information and Event Management (SIEM)
  • E. Schultz
  • Computer Science
    Encyclopedia of Information Assurance
  • 2011
TLDR
What SIEM technology is, the functionality it delivers, the benefits as well as the possible downsides of using this technology, and how to manage this technology to achieve maximum benefits are explained.
Dealing with the formal analysis of Information Security policies through ontologies: a case study
We present the structure of an ontology for Information Security (IS), applied to the extraction of knowledge from Natural Language texts (IS standards, security policies and security control
Attack Goal Generation Using Description Logic-based Knowledge Representation
TLDR
A security threat assessment of a computer network is carried out with an attack goal generation tool that assesses the vulnerabilities and searches for possible attack goals using the Racer Query Language (RQL).
Building and Managing the Meta Data Repository: A Full Lifecycle Guide
TLDR
Building and Managing the Meta Data Repository: A Full Lifecycle Guide is an excellent resource for any IT professional and shows how to use meta data to increase your company's revenue and decrease expenses.
A Constraint and Attribute Based Security Framework for Dynamic Role Assignment in Collaborative Environments
TLDR
A security framework for collaborative applications that relies on the role-based access control (RBAC) model and uses the Google Maps API; it is particularly suited to collaborative applications where the users’ geospatial locations are of interest.
Confident Firewall Policy Configuration Management using Description Logic
The provisioning of a firewall is one of the first important steps toward securing access control to a network. However, the effectiveness of a firewall’s access control may be limited or compromised
Attack Modelling and Security Evaluation for Security Information and Event Management
TLDR
The suggested approach incorporates the use of service dependency graphs and zero-day vulnerabilities to produce an attack graph, the calculation of security metrics based on the attack graph and service dependencies, and advanced any-time techniques for attack graph generation and security evaluation.
Critical Capabilities for Security Information and Event Management
Deployment and support simplicity is important for all use cases, due to the resource constraints of most IT security organizations. This can be achieved by vendor-supplied correlation rules, alerts,
Generalising Event Forensics Across Multiple Domains
TLDR
It is demonstrated that the semantic web language OWL can be extended to be rapidly applied to events sourced from new domains, enabling cross-domain correlation, and that the new approach will accommodate standardised component ontologies which model the separate domains under consideration.
Analyzing web access control policies
TLDR
This paper presents a formalization of XACML using description logics (DL), a decidable fragment of first-order logic, and provides an empirical evaluation of a policy analysis tool implemented on top of the open source DL reasoner Pellet.