Toward an efficient ontology-based event correlation in SIEM

Kenazag, Tayeb and Aiash, Mahdi (2016) Toward an efficient ontology-based event correlation in SIEM. Procedia Computer Science, Vol 83: The 7th International Conference on Ambient Systems, Networks and Technologies (ANT 2016) / The 6th International Conference on Sustainable Energy Information Technology (SEIT-2016) / Affiliated Workshops. In: 7th International Conference on Ambient Systems, Networks and Technologies (ANT2016), 23-26 May 2016, Madrid, Spain. ISSN 1877-0509 [Conference or Workshop Item] (doi:10.1016/j.procs.2016.04.109)

PDF - Published version (with publisher's formatting)
Available under License Creative Commons Attribution-NonCommercial-NoDerivatives 4.0.



Cooperative intrusion detection uses several intrusion detection systems (IDS) and analyzers in order to build a reliable overview of the monitored system through a central security information and event management (SIEM) system. In such an environment, the definition of a shared vocabulary describing the information exchanged between tools is essential. Since these pieces of information are structured, we propose in this paper to use an ontological representation based on Description Logics (DLs), which are a powerful tool for knowledge representation. Moreover, DLs guarantee decidable reasoning. An alert correlation prototype built on this ontology is presented, and an illustrative attack scenario is carried out to show the usefulness of the proposed ontology.
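The following is an added example, not the paper's prototype or its ontology, that sketches the idea in the abstract in runnable form: a small TBox of subclass axioms stands in for the DL ontology, subsumption is computed as a transitive closure over a finite hierarchy (so every query terminates, mirroring the decidability point), sensor-specific alerts are normalized onto the shared vocabulary, and a multi-stage scenario is correlated against ontology classes rather than raw signature names. All class names, sensor signature strings, IP addresses and timestamps are constructed for illustration.

```python
"""Toy ontology-based alert correlator (added example, not the paper's code).

A TBox of subclass axioms plays the role of the DL ontology. Subsumption is
a transitive closure over an acyclic, finite hierarchy, so it always
terminates. Alerts from heterogeneous sensors are normalized onto the shared
vocabulary, then correlated by a scenario written against ontology classes.
All names, addresses and timestamps below are constructed.
"""
from dataclasses import dataclass

# TBox: each class is subsumed by its parent (hypothetical shared vocabulary).
TBOX = {
    "PortScan": "Reconnaissance",
    "VulnScan": "Reconnaissance",
    "Reconnaissance": "Attack",
    "BufferOverflow": "Exploit",
    "SQLInjection": "Exploit",
    "Exploit": "Attack",
    "ReverseShell": "PostExploitation",
    "PostExploitation": "Attack",
}

# Per-sensor signature -> ontology class (constructed; not real rule names).
SENSOR_VOCAB = {
    ("snort", "scan.syn"): "PortScan",
    ("ossec", "recon.portscan"): "PortScan",
    ("snort", "web.sqli"): "SQLInjection",
    ("suricata", "shell.reverse"): "ReverseShell",
}

# Scenario stages: (class the alert must be subsumed by,
#                   alert field naming the attacker, field naming the victim).
# A reverse shell flows victim -> attacker, so its fields are swapped.
SCENARIO = [
    ("Reconnaissance", "src", "dst"),
    ("Exploit", "src", "dst"),
    ("PostExploitation", "dst", "src"),
]


@dataclass(frozen=True)
class Alert:
    t: int        # seconds (constructed timestamps)
    sensor: str
    sig: str
    src: str
    dst: str


def superclasses(cls):
    """All classes that subsume cls, by walking the TBox (cycle-guarded)."""
    out, cur = set(), cls
    while cur in TBOX and TBOX[cur] not in out:
        cur = TBOX[cur]
        out.add(cur)
    return out


def is_a(cls, ancestor):
    """Decidable subsumption check: cls equals ancestor or descends from it."""
    return cls == ancestor or ancestor in superclasses(cls)


def normalize(alert):
    """Map a sensor-specific alert onto the shared vocabulary (None if unknown)."""
    return SENSOR_VOCAB.get((alert.sensor, alert.sig))


def correlate(alerts, scenario=SCENARIO, window=600):
    """Return complete scenarios as (attacker, victim, [alerts in stage order]).

    Each alert is consumed by at most one scenario, so the same step seen by
    two sensors does not produce two incidents. Consecutive stages must lie
    within `window` seconds of each other.
    """
    typed = [(a, normalize(a)) for a in sorted(alerts, key=lambda a: a.t)]
    typed = [(a, c) for a, c in typed if c is not None]  # outside the vocabulary: dropped
    consumed, found = set(), []
    for i, (first, c0) in enumerate(typed):
        if first in consumed or not is_a(c0, scenario[0][0]):
            continue
        attacker = getattr(first, scenario[0][1])
        victim = getattr(first, scenario[0][2])
        chain, pos = [first], i
        for cls, af, vf in scenario[1:]:
            match = next(
                ((j, a) for j, (a, c) in enumerate(typed)
                 if j > pos and a not in consumed and is_a(c, cls)
                 and getattr(a, af) == attacker and getattr(a, vf) == victim
                 and a.t - chain[-1].t <= window),
                None,
            )
            if match is None:
                break
            pos, a = match
            chain.append(a)
        else:
            consumed.update(chain)
            found.append((attacker, victim, chain))
    return found


# Constructed alert stream: two sensors see the same scan, one exploit from an
# unrelated host with no preceding recon, and one alert outside the vocabulary.
SAMPLE_ALERTS = [
    Alert(100, "ossec", "recon.portscan", "10.0.0.5", "192.168.1.10"),
    Alert(130, "snort", "scan.syn", "10.0.0.5", "192.168.1.10"),
    Alert(400, "snort", "web.sqli", "10.0.0.5", "192.168.1.10"),
    Alert(420, "snort", "web.sqli", "10.0.0.9", "192.168.1.10"),
    Alert(700, "suricata", "shell.reverse", "192.168.1.10", "10.0.0.5"),
    Alert(750, "snort", "noise.unknown", "10.0.0.7", "192.168.1.20"),
]

if __name__ == "__main__":
    for attacker, victim, chain in correlate(SAMPLE_ALERTS):
        steps = " ; ".join(f"{a.t}s {a.sensor}:{a.sig}" for a in chain)
        print(f"{attacker} -> {victim}: {steps}")
```

The point the example makes is that the correlation rule never mentions `scan.syn` or `recon.portscan`; it asks whether an alert's class is subsumed by `Reconnaissance`, so adding a new sensor only requires extending the vocabulary mapping, not rewriting rules. Note that this toy supports only named-class subsumption; a real DL reasoner would also handle role restrictions and consistency checking, which are outside this sketch.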

Item Type: Conference or Workshop Item (Paper)
Research Areas: A. > School of Science and Technology > Computer and Communications Engineering
Item ID: 21923
Notes on copyright: © 2016 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license
Peer-review under responsibility of the Conference Program Chairs
Depositing User: Mahdi Aiash
Date Deposited: 07 Jun 2017 13:53
Last Modified: 29 Nov 2022 21:59
