Data Repository for Security Information and Event Management in Service Infrastructures

Igor Kotenko, Olga Polubelova, Igor Saenko

2012

Abstract

Designing and implementing the repository is a critical problem in advanced security information and event management (SIEM) systems, that is, SIEM systems for service infrastructures. The paper discusses several innovations realized to address this challenge: the application of an ontological approach to modeling the repository data, and a hybrid approach to building the repository, meaning the combined use of relational databases, XML databases and triple stores.



Paper Citation


in Harvard Style

Kotenko I., Polubelova O. and Saenko I. (2012). Data Repository for Security Information and Event Management in Service Infrastructures. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 308-313. DOI: 10.5220/0004075303080313


in Bibtex Style

@conference{secrypt12,
author={Igor Kotenko and Olga Polubelova and Igor Saenko},
title={Data Repository for Security Information and Event Management in Service Infrastructures},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={308-313},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004075303080313},
isbn={978-989-8565-24-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Data Repository for Security Information and Event Management in Service Infrastructures
SN - 978-989-8565-24-2
AU - Kotenko I.
AU - Polubelova O.
AU - Saenko I.
PY - 2012
SP - 308
EP - 313
DO - 10.5220/0004075303080313