Title :
Security Alert Management System for Internet Data Center Based on ISO/IEC 27001 Ontology
Author :
Tsang, Terry M F ; Yeung, Thomas M W ; Chiu, Dickson K W ; Hu, Haiyang ; Zhuang, Yi ; Hu, Hua
Author_Institution :
Dept. of Comput. Sci., Hong Kong Baptist Univ., Hong Kong, China
Abstract :
Internet Data Centers (IDC) emerge as a major network service platform to converge Internet-related services and applications to one location, managing servers, networks, together with valuable and sensitive data of many enterprises. Therefore, an appropriate security approach is essential. Intrusion Detection Systems (IDS) are often deployed in IDC as a security measure to detect real-time intrusions and alert system administrators to take proper handling actions. However, a large number of low-level alerts lacking classification make their management difficult. To tackle this problem, we propose a Security Alert Management System (SAMS) in which alerts generated by each IDS undergo alert aggregation. By incorporating ISO/IEC 27001 requirements into the ontology, our system classifies and aggregates alerts from multiple sources, providing a consolidated view of security incidents which are compliant with the ISO/IEC 27001 standard. We further facilitate effective handling of security alerts with different urgency classifications via an Alert Management System (AMS).
Keywords :
IEC standards; ISO standards; Internet; computer centres; security of data; ISO/IEC 27001 ontology; ISO/IEC 27001 requirements; ISO/IEC 27001 standard; Internet data centers; Internet related services; alert system administrators; intrusion detection systems; low-level alerts; network service platform; real-time intrusions; security alert management system; security approach; security measure; Monitoring; Ontologies; Security; Servers; Alert Aggregation; Alert Management System; Security Alerts; Security Ontology
Conference_Title :
e-Business Engineering (ICEBE), 2010 IEEE 7th International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4244-8386-0
Electronic_ISBN :
978-0-7695-4227-0
DOI :
10.1109/ICEBE.2010.78