Future Internet 2013, 5(3), 355-375; doi:10.3390/fi5030355
Article

Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems

Received: 26 April 2013; in revised form: 10 June 2013 / Accepted: 17 June 2013 / Published: 9 July 2013
(This article belongs to the Special Issue Security of Systems and Software Resiliency)
Abstract: Security Information and Event Management (SIEM) technology has become one of the most important research applications in the area of computer network security. The overall functionality of SIEM systems depends largely on the quality of the solutions implemented at the data storage level, which is responsible for representing heterogeneous security events, storing them in the data repository, and extracting relevant data for the analytical modules of SIEM systems. The paper discusses the key issues in the design and implementation of a hybrid SIEM data repository that combines relational and ontological data representations. Based on an analysis of existing SIEM systems and standards, the ontological approach is chosen as the core component of the repository, and an example of an ontological data model for representing vulnerabilities is outlined. A hybrid architecture for the repository is proposed for implementation in SIEM systems. Since most of the work on SIEM repositories is based on the relational data model, the paper focuses mainly on the ontological part of the hybrid approach. To test the repository we used the data model intended for attack modeling and security evaluation, which includes both ontological and relational dimensions.
Keywords: ontology; security information and event management; data model; data representation; logical inference; repository
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.



MDPI and ACS Style

Kotenko, I.; Polubelova, O.; Chechulin, A.; Saenko, I. Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems. Future Internet 2013, 5, 355-375.

AMA Style

Kotenko I, Polubelova O, Chechulin A, Saenko I. Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems. Future Internet. 2013; 5(3):355-375.

Chicago/Turabian Style

Kotenko, Igor; Polubelova, Olga; Chechulin, Andrey; Saenko, Igor. 2013. "Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems." Future Internet 5, no. 3: 355-375.


Future Internet EISSN 1999-5903, published by MDPI AG, Basel, Switzerland