
Toward an Efficient Ontology-Based Event Correlation in SIEM

Tayeb Kenaza, Mahdi Aiash
2016 Procedia Computer Science  
An alert correlation prototype is presented using this ontology, and an illustrative attack scenario is carried out to show the usefulness of the proposed ontology.  ...  Since these pieces of information are structured, we propose in this paper to use an ontological representation based on Description Logics (DLs) which is a powerful tool for knowledge representation.  ...  Ontology based event correlation The use of the proposed ontology is very suitable for event correlation within a SIEM, when many tools have to cooperate and to exchange information.  ... 
doi:10.1016/j.procs.2016.04.109 fatcat:z2kmm4n5wja75km7qr4jeetffa

Cyber Security Situational Awareness

Huaglory Tianfield
2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)  
Situational awareness in the context of cyber security has been well recognized.  ...  In this paper, after revisiting the concept of CSSA, we have aligned the process of CSSA with security data lifecycle and analyzed the requirements of CSSA.  ...  an event sequence.  ... 
doi:10.1109/ithings-greencom-cpscom-smartdata.2016.165 dblp:conf/ithings/Tianfield16 fatcat:bsjzygtzbreepin2mtda7sccne

IO: An Interconnected Asset Ontology in Support of Risk Management Processes

Henk Birkholz, Ingo Sieverdingbeck, Karsten Sohr, Carsten Bormann
2012 Seventh International Conference on Availability, Reliability and Security  
In this paper, we present the Interconnected-asset Ontology, IO, as a step towards a standardized representation of detailed asset information.  ...  The utilization of an asset ontology as a machine-readable representation supports the automation of risk management processes and the standardization of asset information reduces redundant acquisition  ...  The contributions of IO and its corresponding framework are: efficient provision of a central knowledge base by utilizing the taxonomy of an ontology, eliminating the need for redundant acquisition procedures  ... 
doi:10.1109/ares.2012.73 dblp:conf/IEEEares/BirkholzSSB12 fatcat:vauj53zyg5gjza4ybh6hk6o3ny

Risk Management Processes [chapter]

2015 The Operational Auditing Handbook  
In this paper, we present the Interconnected-asset Ontology, IO, as a step towards a standardized representation of detailed asset information.  ...  The utilization of an asset ontology as a machine-readable representation supports the automation of risk management processes and the standardization of asset information reduces redundant acquisition  ...  The contributions of IO and its corresponding framework are: efficient provision of a central knowledge base by utilizing the taxonomy of an ontology, eliminating the need for redundant acquisition procedures  ... 
doi:10.1002/9781119991083.ch5 fatcat:vjdwj2hv6var3flij2vm3bmzye

DMAPT: Study of Data Mining and Machine Learning Techniques in Advanced Persistent Threat Attribution and Detection [chapter]

P.V. Sai Charan, P. Mohan Anand, Sandeep K. Shukla
2021 Artificial Intelligence  
In this paper, we shed light on various Data Mining, Machine Learning techniques and frameworks used in both Attribution and Detection of APT malware.  ...  Modern-day malware is intelligent enough to hide its presence and perform stealthy operations in the background.  ...  Event Logs: Extracting attack vectors from SIEM and logs [17] (One Class SVM). IDS Logs: Identify correlation rules between various system events to develop an (Continuous Association Rule Mining Algorithm)  ... 
doi:10.5772/intechopen.99291 fatcat:ydgl6j23ifg7tiukns7hdcbv3i

Semantic Technologies and Big Data Analytics for Cyber Defence

Louise Leenen, Thomas Meyer
2016 International Journal of Cyber Warfare and Terrorism  
An overview of the use of semantic technologies and big data technologies in cyber defence is provided, and important areas for future research in the combined domains are discussed.  ...  The purpose is to detect patterns, correlations, trends and other useful information.  ...  The report points out that big data analytics can, for instance, advance security intelligence produced by Security Information and Event Management (SIEM) alerts by "reducing the time for correlating,  ... 
doi:10.4018/ijcwt.2016070105 fatcat:h5pa46gt3zcxrgcdq77qrklk74

VloGraph: A Virtual Knowledge Graph Framework for Distributed Security Log Analysis

Kabul Kurniawan, Andreas Ekelhart, Elmar Kiesling, Dietmar Winkler, Gerald Quirchmayr, A Min Tjoa
2022 Machine Learning and Knowledge Extraction  
efficient graph-based ad-hoc log analyses in federated settings.  ...  Furthermore, graph-pattern based query languages, such as SPARQL, can support rich log analyses by leveraging semantic relationships between objects in heterogeneous log streams.  ...  Security Information and Event Management (SIEM) are widely used to provide a centralized view on security-relevant events inside an organization and focus on data aggregation, correlation, and typically  ... 
doi:10.3390/make4020016 fatcat:qfjdyg2ohnbftawu4bnup2clji
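
Two of the results above describe the same mechanism from different angles: Kenaza and Aiash argue that an ontology suits event correlation "when many tools have to cooperate and to exchange information", and VloGraph queries heterogeneous log streams through the semantic relationships between the objects they mention. The common idea is to map each tool's raw events onto shared concepts and then write the correlation rule against the concept hierarchy rather than against any one tool's log format. The block below is an added example of that pattern and is not code from either paper, from the SPHINX or ECOSSIAN projects, or from any SIEM product; the concept hierarchy, the three log formats it parses (sshd syslog, a made-up application log, a Suricata-style EVE JSON alert), the parser names and the sample lines are all constructed for illustration.

```python
"""Taxonomy-based correlation of events from several tools (added example).

Assumptions, not taken from any of the papers above: a hypothetical concept
hierarchy TAXONOMY, sshd syslog lines (year assumed, since syslog omits it),
a constructed "app login failed" line format, and Suricata-style EVE JSON.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

SYSLOG_YEAR = 2024  # assumed: BSD syslog timestamps carry no year

# Hypothetical concept hierarchy, child -> parent. Each tool's events are
# mapped to a leaf; correlation rules name ancestors, so a new tool needs a
# new mapping but no rule change.
TAXONOMY = {
    "SshAuthFailure": "AuthenticationFailure",
    "WebAuthFailure": "AuthenticationFailure",
    "AuthenticationFailure": "SecurityEvent",
    "SshAuthSuccess": "AuthenticationSuccess",
    "AuthenticationSuccess": "SecurityEvent",
    "IdsBruteForceAlert": "ReconnaissanceOrBruteForce",
    "ReconnaissanceOrBruteForce": "SecurityEvent",
}


def is_a(concept, ancestor):
    """True if concept equals ancestor or inherits from it (subsumption check)."""
    while concept is not None:
        if concept == ancestor:
            return True
        concept = TAXONOMY.get(concept)
    return False


SSHD_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)"
)
APP_RE = re.compile(r"^(?P<ts>\S+) app login failed user=(?P<user>\S+) src=(?P<src>[\d.]+)")


def parse_sshd(line):
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    concept = "SshAuthFailure" if m["outcome"] == "Failed" else "SshAuthSuccess"
    return {"time": ts, "concept": concept, "src": m["src"], "target": m["host"],
            "user": m["user"], "source": "sshd"}


def parse_app(line):
    m = APP_RE.match(line)
    if not m:
        return None
    return {"time": datetime.fromisoformat(m["ts"]), "concept": "WebAuthFailure",
            "src": m["src"], "target": "app", "user": m["user"], "source": "app"}


def parse_suricata(line):
    """Suricata EVE alert: only scan/brute-force signatures are mapped to a concept."""
    rec = json.loads(line)
    if rec.get("event_type") != "alert":
        return None
    sig = rec["alert"]["signature"]
    if "Scan" not in sig and "Brute" not in sig:
        return None
    return {"time": datetime.fromisoformat(rec["timestamp"]), "concept": "IdsBruteForceAlert",
            "src": rec["src_ip"], "target": rec["dest_ip"], "user": None, "source": "suricata"}


def normalize(lines):
    """Map raw lines from any supported tool onto the shared event schema."""
    events = []
    for line in lines:
        ev = parse_suricata(line) if line.startswith("{") else (parse_sshd(line) or parse_app(line))
        if ev:
            events.append(ev)
    return events


def correlate(events, min_failures=3, window_seconds=300):
    """Rule over concepts: >= min_failures AuthenticationFailure events from one
    source within the window, followed by an AuthenticationSuccess from it.
    An IDS ReconnaissanceOrBruteForce alert in the window marks corroboration."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        by_src[e["src"]].append(e)
    incidents = []
    for src, evs in by_src.items():
        for s in evs:
            if not is_a(s["concept"], "AuthenticationSuccess"):
                continue
            start = s["time"] - timedelta(seconds=window_seconds)
            prior = [e for e in evs if start <= e["time"] < s["time"]]
            failures = [e for e in prior if is_a(e["concept"], "AuthenticationFailure")]
            if len(failures) < min_failures:
                continue
            incidents.append({
                "src": src, "target": s["target"], "user": s["user"],
                "success_time": s["time"].isoformat(), "failures": len(failures),
                "tools": sorted({e["source"] for e in failures}),
                "ids_corroborated": any(is_a(e["concept"], "ReconnaissanceOrBruteForce") for e in prior),
            })
    return incidents


# Constructed sample input: one source fails over ssh and the web app, trips an
# IDS scan signature, then logs in; a second source fails once and logs in.
SAMPLE_LOGS = [
    "Mar 10 12:00:01 host1 sshd[1234]: Failed password for root from 10.0.0.5 port 4444 ssh2",
    "2024-03-10T12:00:03 app login failed user=root src=10.0.0.5",
    '{"timestamp":"2024-03-10T12:00:05","event_type":"alert","src_ip":"10.0.0.5",'
    '"dest_ip":"192.0.2.10","alert":{"signature":"ET SCAN Potential SSH Scan"}}',
    "Mar 10 12:00:06 host1 sshd[1235]: Failed password for invalid user admin from 10.0.0.5 port 4445 ssh2",
    "Mar 10 12:00:07 host1 sshd[1236]: Failed password for root from 10.0.0.9 port 5000 ssh2",
    "Mar 10 12:00:09 host1 sshd[1237]: Accepted password for root from 10.0.0.5 port 4446 ssh2",
    "Mar 10 12:00:20 host1 sshd[1238]: Accepted password for alice from 10.0.0.9 port 5001 ssh2",
]

if __name__ == "__main__":
    for inc in correlate(normalize(SAMPLE_LOGS)):
        print(inc)
```

The rule names only `AuthenticationFailure` and `AuthenticationSuccess`, so the sshd failures and the web-application failure count together without the rule listing either tool; the single incident reported for 10.0.0.5 spans three failures from two tools, corroborated by the IDS alert, while 10.0.0.9 stays below the threshold. The caveat a practitioner should keep in mind is that the mapping step carries the analytic risk: a tool whose events are mapped to the wrong concept, or not mapped at all, silently drops out of every rule written above it.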

A review of knowledge graph application scenarios in cyber security [article]

Kai Liu, Fei Wang, Zhaoyun Ding, Sheng Liang, Zhengfei Yu, Yun Zhou
2022 arXiv   pre-print
Finally, we have a thorough outlook on several promising research directions based on the discussion of existing research flaws.  ...  In the major part of this article, we conduct a comparative review of the different works that elaborate on the recent progress in the application scenarios of the cyber security knowledge graph.  ...  [119] proposed an integrated security event correlation analysis system to solve the above problem.  ... 
arXiv:2204.04769v1 fatcat:2fkoppbokvfsbojulewbitj2o4

SPHINX Architecture (the first version)

Marco Manso
2019 Zenodo  
In particular, this document provides an overview and the main outcomes of the work performed by the SPHINX Consortium on the SPHINX architectural design, as part of Task 2.5 - SPHINX Architecture and  ...  In addition, this document includes a set of general technical specifications addressing elements of security, reliability, interoperability, and scalability.  ...  To achieve this, an ontology (knowledge model) of the information security (IS) domain is needed.  ... 
doi:10.5281/zenodo.3521682 fatcat:k76x3ndrebaablhkb7o6hdkmfe

Recent Progress of Using Knowledge Graph for Cybersecurity

Kai Liu, Fei Wang, Zhaoyun Ding, Sheng Liang, Zhengfei Yu, Yun Zhou
2022 Electronics  
Finally, based on the analyses of existing research issues, we have a detailed overview of various possible research directions.  ...  We perform a comparative assessment of the many works that expound on the recent advances in the application scenarios of cybersecurity knowledge graph in the majority of this paper.  ...  [119] presented an integrated correlation analysis approach to a cybersecurity event.  ... 
doi:10.3390/electronics11152287 fatcat:2iochkwfn5fujf7l6zobietzye

Video Intelligence as a Component of a Global Security System [chapter]

Dominique Patrick Verdejo, Eunika Mercier-Laurent
2019 IFIP Advances in Information and Communication Technology  
Applying Knowledge Management principles in this research helps with deep problem understanding and facilitates the implementation of efficient information and experience sharing decision support systems  ...  The originality of this work is also the creation of "common" human-machine and machine to machine language and a security ontology.  ...  ACKNOWLEDGEMENTS Inception of this research was presented in 2012 to the Aerospace competitiveness cluster PEGASE, now part of the larger "Pôle Risques" in France where it got a distinction for its "usefulness  ... 
doi:10.1007/978-3-030-29904-0_10 fatcat:gox5shql3rctxbcgan33rvo4wa

SPHINX Architecture v3

Marco Manso
2022 Zenodo  
In particular, this document provides an overview and the main outcomes of the work performed by the SPHINX Consortium on the SPHINX architectural design, as part of Task 2.5 - SPHINX Architecture and  ...  for an efficient situation identification.  ...  Provided are at least the following functionalities: time-based queries, row and column filtering, statistical aggregations, event correlation, event enrichment.  ... 
doi:10.5281/zenodo.6620766 fatcat:wslyix5j3rfmdbsbsfw4dztwyq

Video Intelligence as a component of a Global Security system [article]

Dominique Verdejo, Eunika Mercier-Laurent
2022 arXiv   pre-print
Applying Knowledge Management principles in this research helps with deep problem understanding and facilitates the implementation of efficient information and experience sharing decision support systems  ...  The originality of this work is also the creation of "common" human-machine and machine to machine language and a security ontology.  ...  Acknowledgements Inception of this research was presented in 2012 to the Aerospace competitiveness cluster PEGASE [22], now part of the larger "Pôle Risques" [23] in France where it got a distinction  ... 
arXiv:2201.04349v1 fatcat:q46dhhrzejfrjltvsvgr6hbysu

Intrusion Detection System Test Framework for SCADA Systems

Henrik Waagsnes, Nils Ulltveit-Moe
2018 Proceedings of the 4th International Conference on Information Systems Security and Privacy  
It is agnostic to Intrusion Detection System (IDS) type, and is demonstrated in a case study comparing two popular signature-based IDS engines: Suricata and Snort.  ...  The framework combines several existing components such as Kali Linux, Conpot, QTester104 and OpenMUC in a virtual machine based framework to provide realistic SCADA traffic.  ...  This would allow performing realistic exercises on cyber-attack events that naturally will occur infrequently, thereby increasing the readiness towards such attacks.  ... 
doi:10.5220/0006588202750285 dblp:conf/icissp/WaagsnesU18 fatcat:dnqfatsfrnhwrkwbhwzlrgpkia

Ecossian Brochure [article]

ECOSSIAN Consortium
2017 Zenodo  
The ECOSSIAN brochure provides an overview of the ECOSSIAN concept, its major benefits and the approach taken. The technical framework is described and the key components are illustrated.  ...  open-source SIEM that provides event collection, normalization, and correlation.  ...  Second, we perform ontological analysis to identify large scale correlations within an incident knowledge graph.  ... 
doi:10.5281/zenodo.800586 fatcat:gvxbnityevfqpp45grydublvpy