Toward an efficient ontology-based event correlation in SIEM

Kenazag, Tayeb and Aiash, Mahdi (2016) Toward an efficient ontology-based event correlation in SIEM. In: 7th International Conference on Ambient Systems, Networks and Technologies (ANT2016), 23-26 May 2016, Madrid, Spain.

PDF - Published version (with publisher's formatting)
Available under License Creative Commons Attribution-NonCommercial-NoDerivatives.


Abstract

Cooperative intrusion detection uses several intrusion detection systems (IDS) and analyzers in order to build a reliable overview of the monitored system through a central security information and event management system (SIEM). In such an environment, the definition of a shared vocabulary describing the information exchanged between tools is prominent. Since these pieces of information are structured, we propose in this paper to use an ontological representation based on Description Logics (DLs), which is a powerful tool for knowledge representation. Moreover, DLs are able to ensure decidable reasoning. An alert correlation prototype is presented using this ontology, and an illustrative attack scenario is carried out to show the usefulness of the proposed ontology.

Item Type: Conference or Workshop Item (Paper)
Research Areas: A. > School of Science and Technology > Computer and Communications Engineering
Item ID: 21923
Notes on copyright: © 2016 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer-review under responsibility of the Conference Program Chairs
Depositing User: Mahdi Aiash
Date Deposited: 07 Jun 2017 13:53
Last Modified: 12 Sep 2018 17:58
URI: http://eprints.mdx.ac.uk/id/eprint/21923
