An Ontology-Based Model for SIEM Environments
| Field | Value |
|---|---|
| Author | Nabil Hachem, Hervé Debar, Gustavo Gonzalez Granadillo, Yosra Ben Mustapha |
| Contributors | Département Réseaux et Services de Télécommunications (RST), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP); Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR); Centre National de la Recherche Scientifique (CNRS) |
| Year of publication | 2012 |
| Subject | Data model; Ontology; Computer science; Botnet; 020206 networking & telecommunications; 02 engineering and technology; Ontology (information science); Field (computer science); [INFO.INFO-CR] Computer Science [cs]/Cryptography and Security [cs.CR]; Risk analysis (engineering); Order (exchange); Security; 0202 electrical engineering, electronic engineering, information engineering; Selection (linguistics); 020201 artificial intelligence & image processing; SIEM |
| Source | Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (ISBN 9783642334474). ICGS3/e-Democracy: ICGS3 '11, 7th International Conference in Global Security, Safety and Sustainability, Aug 2011, Thessaloniki, Greece, pp. 148-155 |
| DOI | 10.1007/978-3-642-33448-1_21 |
| Audience | International |
| Abstract | The management of security events, from the analysis of attacks and risk to the selection of appropriate countermeasures, has become a major concern for security analysts and IT administrators. Furthermore, network and system devices are heterogeneous, with differing characteristics and functionality, which makes these tasks harder. This paper introduces an ontology-driven approach to address these problems. The proposed model takes into account the two main aspects of this field, the information that is manipulated by SIEM environments and the operations that are applied to this information, in order to reach the desired goals. We present a case study on botnets to illustrate the use of our model. |
| Database | OpenAIRE |