 An ontology-based modelling and reasoning for alerts correlationTayeb Kenaza International Journal of Data Mining, Modelling and Management, 2021, vol. 13, issue 1/2, 65-80 Abstract: SIEM is a modern and powerful security tool thanks to several functions that it provides to take benefit of collected data, such as normalisation and aggregation. The main important function is events correlation, when security operators can get a precise and quick picture about threats and attacks in real-time. The quality of that picture depends on the efficiency of the adopted reasoning approach to putting together pieces of information provided by several analysers. In this paper, we propose a semantic approach based on description logics (DLs) which is a powerful tool for knowledge representation and reasoning. Indeed, ontology provides a comprehensive environment to represent information for intrusion detection and allows easy maintaining of information or adding new ones. We implemented a rule-based engine for alert correlation based on the proposed ontology and two attack scenarios are carried out to show the usefulness of our approach. Keywords: information security; intrusion detection; security information and event management system; SIEM; alert correlation; rules-based reasoning; ontology; ontology web language; OWL; Semantic Web Rule Language; SWRL. (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:ids:ijdmmm:v:13:y:2021:i:1/2:p:65-80 Access Statistics for this article More articles in International Journal of Data Mining, Modelling and Management from Inderscience Enterprises Ltd |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.