Security Information and Event Management (SIEM) has become one of the most important research applications in the area of computer network security. The overall functionality of a SIEM system depends largely on the quality of the solutions implemented at the data storage level, which is responsible for representing heterogeneous security events, storing them in the data repository, and extracting relevant data for the analytical modules of the SIEM system. The paper discusses the key issues in the design and implementation of a hybrid SIEM data repository that combines relational and ontological data representations. Based on an analysis of existing SIEM systems and standards, the ontological approach is chosen as the core component of the repository, and an example of an ontological data model for representing vulnerabilities is outlined. The hybrid architecture of the repository is proposed for implementation in SIEM systems. Since most work on SIEM repositories is based on the relational data model, the paper focuses mainly on the ontological part of the hybrid approach. To test the repository, we used the data model intended for attack modeling and security evaluation, which includes both ontological and relational dimensions.
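To make the idea of a hybrid repository concrete, the following added example (not code from the paper or its authors) sketches the two halves side by side: a relational table of installed software, held in an in-memory SQLite database, and a minimal triple store for vulnerability knowledge with RDFS-style subclass reasoning. The class hierarchy (`sec:Vulnerability`, `sec:MemoryCorruption`, `sec:BufferOverflow`, `sec:SQLInjection`), the `sec:affects` predicate, the `host_software` table and the `VULN-EXAMPLE-*` identifiers are all constructed for illustration and are not the paper's data model. The query at the end shows what the ontological side adds over a plain relational lookup: asking for hosts exposed to any `sec:MemoryCorruption` also returns hosts affected by its subclass `sec:BufferOverflow`, because the class relation is inferred rather than matched by string.

```python
import sqlite3
from collections import defaultdict

# Constructed predicate names; RDFS-style vocabulary used only for this example.
SUBCLASS = "rdfs:subClassOf"
TYPE = "rdf:type"
AFFECTS = "sec:affects"


class TripleStore:
    """Tiny ontological store: a set of (subject, predicate, object) triples
    plus transitive reasoning over rdfs:subClassOf."""

    def __init__(self):
        self.triples = set()
        self.subclass_of = defaultdict(set)

    def add(self, s, p, o):
        self.triples.add((s, p, o))
        if p == SUBCLASS:
            self.subclass_of[s].add(o)

    def superclasses(self, cls):
        """Transitive closure of rdfs:subClassOf, including cls itself."""
        seen, stack = {cls}, [cls]
        while stack:
            c = stack.pop()
            for parent in self.subclass_of.get(c, ()):
                if parent not in seen:
                    seen.add(parent)
                    stack.append(parent)
        return seen

    def instances_of(self, cls):
        """Individuals typed as cls or as any (transitive) subclass of cls."""
        return {s for s, p, o in self.triples
                if p == TYPE and cls in self.superclasses(o)}

    def objects(self, s, p):
        return {o for s2, p2, o in self.triples if s2 == s and p2 == p}


def build_inventory():
    """Relational side: constructed host/software inventory in SQLite."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE host_software (host TEXT, product TEXT, version TEXT)")
    conn.executemany("INSERT INTO host_software VALUES (?, ?, ?)", [
        ("web-01", "exampled", "1.0"),    # constructed sample rows
        ("web-02", "exampled", "2.0"),
        ("db-01", "examplesql", "5.1"),
    ])
    return conn


def build_vuln_ontology():
    """Ontological side: constructed vulnerability class hierarchy and individuals."""
    g = TripleStore()
    g.add("sec:MemoryCorruption", SUBCLASS, "sec:Vulnerability")
    g.add("sec:BufferOverflow", SUBCLASS, "sec:MemoryCorruption")
    g.add("sec:SQLInjection", SUBCLASS, "sec:Vulnerability")
    # Placeholder vulnerability identifiers; not real advisories.
    g.add("vuln:VULN-EXAMPLE-1", TYPE, "sec:BufferOverflow")
    g.add("vuln:VULN-EXAMPLE-1", AFFECTS, "exampled/1.0")
    g.add("vuln:VULN-EXAMPLE-2", TYPE, "sec:SQLInjection")
    g.add("vuln:VULN-EXAMPLE-2", AFFECTS, "examplesql/5.1")
    return g


def hosts_exposed_to(conn, g, vuln_class):
    """Hybrid query: the ontology selects vulnerabilities by class (with subclass
    inference) and maps them to product/version keys; the relational table then
    resolves which hosts run those keys. Returns {host: {vulnerability ids}}."""
    affected = defaultdict(set)  # "product/version" -> vulnerability ids
    for v in g.instances_of(vuln_class):
        for key in g.objects(v, AFFECTS):
            affected[key].add(v)
    result = defaultdict(set)
    for host, key in conn.execute(
            "SELECT host, product || '/' || version FROM host_software"):
        if key in affected:
            result[host] |= affected[key]
    return dict(result)


if __name__ == "__main__":
    conn, g = build_inventory(), build_vuln_ontology()
    for cls in ("sec:BufferOverflow", "sec:MemoryCorruption", "sec:Vulnerability"):
        print(cls, "->", hosts_exposed_to(conn, g, cls))
```

In a real repository the triple store would be an RDF/OWL engine and the relational side a production database; the split shown here (class-level knowledge and inference in the ontology, high-volume inventory and event rows in tables) is the division of labour the hybrid approach is meant to support.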