Implementing a Semantic Approach for Events Correlation in SIEM Systems

Abstract : Efficient reasoning in intrusion detection needs to manipulate different information provided by several analyzers in order to build a reliable overview of the underlying monitored system trough a central security information and event management system (SIEM). SIEM provides many functions to take benefit of collected data, such as Normalization, Aggregation, Alerting, Archiving, Forensic analysis, Dashboards, etc. The most relevant function is Correlation, when we can get a precise and quick picture about threats and attacks in real time. Since information provided by SIEM is in general structured and can be given in XML, we propose in this paper to use an ontological representation based on Description Logics (DLs) which is a powerful tool for knowledge representation and reasoning. Indeed, Ontology provides a comprehensive environment to represent any kind of information in intrusion detection. Moreover, basing on DLs and rules, Ontology is able to ensure a decidable reasoning. Basing on the proposed ontology, an alert correlation prototype is implemented and two attack scenarios are carried out to show the usefulness of the semantic approach.
Document type :
Conference papers
Abdelmalek Amine; Malek Mouhoub; Otmane Ait Mohamed; Bachir Djebbar. 6th IFIP International Conference on Computational Intelligence and Its Applications (CIIA), May 2018, Oran, Algeria. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-522, pp.648-659, 2018, Computational Intelligence and Its Applications. 〈10.1007/978-3-319-89743-1_55〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01913909
Contributor : Hal Ifip <>
Submitted on : Wednesday, November 7, 2018 - 10:40:45 AM
Last modification on : Thursday, November 8, 2018 - 1:12:24 PM
Document(s) archivé(s) le : Friday, February 8, 2019 - 1:36:04 PM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2021-01-01

Please log in to resquest access to the document

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Tayeb Kenaza, Abdelkarim Machou, Abdelghani Dekkiche. Implementing a Semantic Approach for Events Correlation in SIEM Systems. Abdelmalek Amine; Malek Mouhoub; Otmane Ait Mohamed; Bachir Djebbar. 6th IFIP International Conference on Computational Intelligence and Its Applications (CIIA), May 2018, Oran, Algeria. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-522, pp.648-659, 2018, Computational Intelligence and Its Applications. 〈10.1007/978-3-319-89743-1_55〉. 〈hal-01913909〉

Share

Metrics

Record views

26