
An ontology-based model for SIEM environments

Abstract: The management of security events, from the analysis of attacks and risks to the selection of appropriate countermeasures, has become a major concern for security analysts and IT administrators. Furthermore, network and system devices are heterogeneous, with differing characteristics and functionalities that make these tasks harder. This paper introduces an ontology-driven approach to address these problems. The proposed model covers the two main aspects of the field: the information manipulated by SIEM environments, and the operations applied to this information in order to reach the desired goals. We present a case study on botnets to illustrate the use of our model.
Document type: Conference papers

https://hal.archives-ouvertes.fr/hal-00728521
Contributor: Médiathèque Télécom Sudparis & Institut Mines-Télécom Business School
Submitted on: Thursday, September 6, 2012 - 11:54:12 AM
Last modification on: Friday, November 6, 2020 - 6:06:01 PM


Citation

Gustavo Daniel Gonzalez Granadillo, Yosra Ben Mustapha, Nabil Hachem, Hervé Debar. An ontology-based model for SIEM environments. ICGS3 '11: 7th International Conference in Global Security, Safety and Sustainability, Aug 2011, Thessaloniki, Greece. pp. 148-155, ⟨10.1007/978-3-642-33448-1_21⟩. ⟨hal-00728521⟩
