Open AccessThis article is
- freely available
Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems
Laboratory of Computer Security Problems, St.Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), 39, 14th Liniya, Saint-Petersburg, Russia
* Author to whom correspondence should be addressed.
Received: 26 April 2013; in revised form: 10 June 2013 / Accepted: 17 June 2013 / Published: 9 July 2013
Abstract: The technology of Security Information and Event Management (SIEM) becomes one of the most important research applications in the area of computer network security. The overall functionality of SIEM systems depends largely on the quality of solutions implemented at the data storage level, which is purposed for the representation of heterogeneous security events, their storage in the data repository, and the extraction of relevant data for analytical modules of SIEM systems. The paper discusses the key issues of design and implementation of a hybrid SIEM data repository, which combines relational and ontological data representations. Based on the analysis of existing SIEM systems and standards, the ontological approach is chosen as a core component of the repository, and an example of the ontological data model for vulnerabilities representation is outlined. The hybrid architecture of the repository is proposed for implementation in SIEM systems. Since the most of works on the repositories of SIEM systems is based on the relational data model, the paper focuses mainly on the ontological part of the hybrid approach. To test the repository we used the data model intended for attack modeling and security evaluation, which includes both ontological and relational dimensions.
Keywords: ontology; security information and event management; data model; data representation; logical inference; repository
Article StatisticsClick here to load and display the download statistics.
Notes: Multiple requests from the same IP address are counted as one view.
Cite This Article
MDPI and ACS Style
Kotenko, I.; Polubelova, O.; Chechulin, A.; Saenko, I. Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems. Future Internet 2013, 5, 355-375.
Kotenko I, Polubelova O, Chechulin A, Saenko I. Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems. Future Internet. 2013; 5(3):355-375.
Kotenko, Igor; Polubelova, Olga; Chechulin, Andrey; Saenko, Igor. 2013. "Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems." Future Internet 5, no. 3: 355-375.