Toward an efficient ontology-based event correlation in SIEM

Kenazag, Tayeb and Aiash, Mahdi ORCID: (2016) Toward an efficient ontology-based event correlation in SIEM. Procedia Computer Science, Vol 83: The 7th International Conference on Ambient Systems, Networks and Technologies (ANT 2016) / The 6th International Conference on Sustainable Energy Information Technology (SEIT-2016) / Affiliated Workshops. In: 7th International Conference on Ambient Systems, Networks and Technologies (ANT2016), 23-26 May 2016, Madrid, Spain. ISSN 1877-0509 [Conference or Workshop Item] (doi:10.1016/j.procs.2016.04.109)

PDF - Published version (with publisher's formatting), available under License Creative Commons Attribution-NonCommercial-NoDerivatives.


Cooperative intrusion detection uses several intrusion detection systems (IDS) and analyzers in order to build a reliable overview of the monitored system through a central security information and event management system (SIEM). In such an environment, the definition of a shared vocabulary describing the information exchanged between tools is prominent. Since these pieces of information are structured, we propose in this paper to use an ontological representation based on Description Logics (DLs), which are a powerful tool for knowledge representation. Moreover, DLs are able to ensure decidable reasoning. An alert correlation prototype is presented using this ontology, and an illustrative attack scenario is carried out to show the usefulness of the proposed ontology.

Item Type: Conference or Workshop Item (Paper)
Research Areas: A. > School of Science and Technology > Computer and Communications Engineering
Item ID: 21923
Notes on copyright: © 2016 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license
Peer-review under responsibility of the Conference Program Chairs
Depositing User: Mahdi Aiash
Date Deposited: 07 Jun 2017 13:53
Last Modified: 10 Feb 2021 16:54
