An ontology-based modelling and reasoning for alerts correlation. (22nd January 2021)
- Record Type:
- Journal Article
- Title:
- An ontology-based modelling and reasoning for alerts correlation. (22nd January 2021)
- Main Title:
- An ontology-based modelling and reasoning for alerts correlation
- Authors:
- Kenaza, Tayeb
- Abstract:
- SIEM is a modern and powerful security tool thanks to the several functions it provides to take advantage of collected data, such as normalisation and aggregation. The most important function is event correlation, through which security operators can get a precise and quick picture of threats and attacks in real time. The quality of that picture depends on the efficiency of the reasoning approach adopted to put together the pieces of information provided by several analysers. In this paper, we propose a semantic approach based on description logics (DLs), which are a powerful tool for knowledge representation and reasoning. Indeed, an ontology provides a comprehensive environment to represent information for intrusion detection and makes it easy to maintain existing information or add new information. We implemented a rule-based engine for alert correlation based on the proposed ontology, and two attack scenarios are carried out to show the usefulness of our approach.
- Is Part Of:
- International journal of data mining, modelling and management. Volume 13:Number 1/2(2021)
- Journal:
- International journal of data mining, modelling and management
- Issue:
- Volume 13:Number 1/2(2021)
- Issue Display:
- Volume 13, Issue 1/2 (2021)
- Year:
- 2021
- Volume:
- 13
- Issue:
- 1/2
- Issue Sort Value:
- 2021-0013-NaN-0000
- Page Start:
- 65
- Page End:
- 80
- Publication Date:
- 2021-01-22
- Subjects:
- information security -- intrusion detection -- security information and event management system -- SIEM -- alert correlation -- rules-based reasoning -- ontology -- ontology web language -- OWL -- Semantic Web Rule Language -- SWRL
- Data mining -- Periodicals
- Information science -- Periodicals
- Databases -- Periodicals
- 005.7
- Journal URLs:
- http://www.inderscience.com/jhome.php?jcode=ijdmmm
- http://www.inderscience.com/
- Languages:
- English
- ISSNs:
- 1759-1163
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
- British Library STI - ELD Digital store
- Ingest File:
- 14885.xml