Printed from https://ideas.repec.org/a/gam/jftint/v5y2013i3p355-375d27053.html

Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems

Authors
  • Igor Kotenko

    (Laboratory of Computer Security Problems, St.Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), 39, 14th Liniya, Saint-Petersburg, Russia)

  • Olga Polubelova

    (Laboratory of Computer Security Problems, St.Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), 39, 14th Liniya, Saint-Petersburg, Russia)

  • Andrey Chechulin

    (Laboratory of Computer Security Problems, St.Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), 39, 14th Liniya, Saint-Petersburg, Russia)

  • Igor Saenko

    (Laboratory of Computer Security Problems, St.Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), 39, 14th Liniya, Saint-Petersburg, Russia)

Abstract

Security Information and Event Management (SIEM) technology has become one of the most important research applications in the area of computer network security. The overall functionality of a SIEM system depends largely on the quality of the solutions implemented at its data storage level, whose purpose is to represent heterogeneous security events, store them in the data repository, and extract the relevant data for the analytical modules of the SIEM system. The paper discusses the key issues in the design and implementation of a hybrid SIEM data repository that combines relational and ontological data representations. Based on an analysis of existing SIEM systems and standards, the ontological approach is chosen as the core component of the repository, and an example ontological data model for representing vulnerabilities is outlined. A hybrid architecture for the repository is proposed for implementation in SIEM systems. Since most work on SIEM repositories is based on the relational data model, the paper focuses mainly on the ontological part of the hybrid approach. To test the repository, we used the data model intended for attack modeling and security evaluation, which includes both ontological and relational dimensions.

Suggested Citation

  • Igor Kotenko & Olga Polubelova & Andrey Chechulin & Igor Saenko, 2013. "Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems," Future Internet, MDPI, vol. 5(3), pages 1-21, July.
  • Handle: RePEc:gam:jftint:v:5:y:2013:i:3:p:355-375:d:27053

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/5/3/355/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/5/3/355/
    Download Restriction: no