Global Security, Safety and Sustainability & e-Democracy. 7th International and 4th e-Democracy, Joint Conferences, ICGS3/e-Democracy 2011, Thessaloniki, Greece, August 24-26, 2011, Revised Selected Papers

Research Article

An Ontology-Based Model for SIEM Environments

@INPROCEEDINGS{10.1007/978-3-642-33448-1_21,
    author={Gustavo Gonzalez Granadillo and Yosra Ben Mustapha and Nabil Hachem and Herve Debar},
    title={An Ontology-Based Model for SIEM Environments},
    proceedings={Global Security, Safety and Sustainability \& e-Democracy. 7th International and 4th e-Democracy, Joint Conferences, ICGS3/e-Democracy 2011, Thessaloniki, Greece, August 24-26, 2011, Revised Selected Papers},
    proceedings_a={ICGS3 \& E-DEMOCRACY},
    year={2012},
    month={10},
    keywords={SIEM Ontology Data Model},
    doi={10.1007/978-3-642-33448-1_21}
}

Gustavo Gonzalez Granadillo, Yosra Ben Mustapha, Nabil Hachem, Herve Debar. An Ontology-Based Model for SIEM Environments. ICGS3 & E-DEMOCRACY, Springer, 2012. DOI: 10.1007/978-3-642-33448-1_21
Gustavo Gonzalez Granadillo (1,*), Yosra Ben Mustapha (1,*), Nabil Hachem (1,*), Herve Debar (1,*)
1: Telecom Sudparis, SAMOVAR UMR 5157
*Contact email: GustavoGonzalez.Granadillo@it-sudparis.eu, YosraBen.Mustapha@it-sudparis.eu, Nabil.Hachem@it-sudparis.eu, Herve.Debar@it-sudparis.eu

Abstract

The management of security events, from the analysis of attacks and risk to the selection of appropriate countermeasures, has become a major concern for security analysts and IT administrators. Furthermore, network and system devices are heterogeneous, with differing characteristics and functionalities that make these tasks harder. This paper introduces an ontology-driven approach to address these problems. The proposed model takes into account the two main aspects of this field, the information that is manipulated by SIEM environments and the operations that are applied to this information, in order to reach the desired goals. We present a case study on botnets to illustrate the use of our model.