Future Internet 2013, 5(3), 355-375; doi:10.3390/fi5030355
Article

Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems

Laboratory of Computer Security Problems, St.Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), 39, 14th Liniya, Saint-Petersburg, Russia
* Author to whom correspondence should be addressed.
Received: 26 April 2013; in revised form: 10 June 2013 / Accepted: 17 June 2013 / Published: 9 July 2013
(This article belongs to the Special Issue Security of Systems and Software Resiliency)
PDF Full-text Download PDF Full-Text [1006 KB, uploaded 9 July 2013 13:45 CEST]
Abstract: The technology of Security Information and Event Management (SIEM) becomes one of the most important research applications in the area of computer network security. The overall functionality of SIEM systems depends largely on the quality of solutions implemented at the data storage level, which is purposed for the representation of heterogeneous security events, their storage in the data repository, and the extraction of relevant data for analytical modules of SIEM systems. The paper discusses the key issues of design and implementation of a hybrid SIEM data repository, which combines relational and ontological data representations. Based on the analysis of existing SIEM systems and standards, the ontological approach is chosen as a core component of the repository, and an example of the ontological data model for vulnerabilities representation is outlined. The hybrid architecture of the repository is proposed for implementation in SIEM systems. Since the most of works on the repositories of SIEM systems is based on the relational data model, the paper focuses mainly on the ontological part of the hybrid approach. To test the repository we used the data model intended for attack modeling and security evaluation, which includes both ontological and relational dimensions.
Keywords: ontology; security information and event management; data model; data representation; logical inference; repository

Article Statistics

Load and display the download statistics.

Citations to this Article

Cite This Article

MDPI and ACS Style

Kotenko, I.; Polubelova, O.; Chechulin, A.; Saenko, I. Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems. Future Internet 2013, 5, 355-375.

AMA Style

Kotenko I, Polubelova O, Chechulin A, Saenko I. Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems. Future Internet. 2013; 5(3):355-375.

Chicago/Turabian Style

Kotenko, Igor; Polubelova, Olga; Chechulin, Andrey; Saenko, Igor. 2013. "Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems." Future Internet 5, no. 3: 355-375.

Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert