Title :
The Ontological Approach for SIEM Data Repository Implementation
Author :
Kotenko, Igor ; Polubelova, Olga ; Saenko, Igor
Author_Institution :
Lab. of Comput. Security Problems, St. Petersburg Inst. for Inf. & Autom. (SPIIRAS), St. Petersburg, Russia
Abstract :
Security Information and Event Management (SIEM) has become one of the most important research applications in computer network security, including distributed networks of Internet-enabled objects (as in the Internet of Things). The overall functionality of a SIEM system depends largely on the quality of the solutions implemented at the data storage level, which is responsible for representing heterogeneous security events, storing them in the data repository, and extracting relevant data for the analytical modules of the SIEM system. An ontological approach is increasingly applicable to these tasks in various areas of information security. The paper discusses the possibilities of applying the ontological approach to the implementation of the data repository of SIEM systems for distributed networks of Internet-enabled objects. Based on an analysis of existing SIEM systems and standards, the ontological approach is chosen, an example of an ontological data model of vulnerabilities is presented, a hybrid architecture for the ontological repository is proposed, and the issues of developing and testing the repository for attack modelling and security evaluation tasks are discussed.
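The abstract describes an ontological vulnerability data model and a repository that supports logical inference for attack modelling, but the record does not reproduce the model itself. The following added example is not the paper's code or its data model; it is a minimal, self-contained illustration of what an ontological repository gives a SIEM over a flat event store: a terminological part (class hierarchy of vulnerability types), an assertional part (vulnerability, product and host facts), and forward-chaining inference that derives which hosts are exposed to which class of vulnerability. All class names, predicate names (subClassOf, type, affects, runs, exposedTo) and the sample facts are constructed assumptions for the example.

```python
"""Toy ontological vulnerability repository with forward-chaining inference.

Added example, not from the paper. The ontology vocabulary and all facts
below are constructed for illustration only.
"""
from typing import Dict, Iterator, List, Optional, Set, Tuple

Triple = Tuple[str, str, str]  # (subject, predicate, object)

# Terminological part (TBox): a constructed hierarchy of vulnerability classes.
TBOX: Set[Triple] = {
    ("BufferOverflow", "subClassOf", "MemoryCorruption"),
    ("UseAfterFree", "subClassOf", "MemoryCorruption"),
    ("MemoryCorruption", "subClassOf", "Vulnerability"),
    ("SqlInjection", "subClassOf", "InjectionFlaw"),
    ("InjectionFlaw", "subClassOf", "Vulnerability"),
}

# Assertional part (ABox): constructed facts, as a scanner feed and an
# asset inventory would populate them after normalisation.
ABOX: Set[Triple] = {
    ("vuln-A", "type", "BufferOverflow"),
    ("vuln-A", "affects", "libimg-2.1"),
    ("vuln-B", "type", "SqlInjection"),
    ("vuln-B", "affects", "webapp-1.0"),
    ("host-db", "runs", "libimg-2.1"),
    ("host-web", "runs", "webapp-1.0"),
    ("host-web", "runs", "libimg-2.1"),
    ("host-web", "memberOf", "dmz"),
    ("host-db", "memberOf", "internal"),
}


class Repository:
    """A triple store with three hand-written inference rules."""

    def __init__(self, triples: Set[Triple]) -> None:
        self.triples: Set[Triple] = set(triples)

    def match(self, s: Optional[str] = None, p: Optional[str] = None,
              o: Optional[str] = None) -> Iterator[Triple]:
        """Yield triples matching the given pattern (None is a wildcard)."""
        for t in self.triples:
            if (s is None or t[0] == s) and (p is None or t[1] == p) \
                    and (o is None or t[2] == o):
                yield t

    def infer(self) -> int:
        """Apply rules to a fixpoint; return the number of derived triples."""
        derived = 0
        while True:
            new: Set[Triple] = set()
            # Rule 1: subClassOf is transitive.
            for a, _, b in self.match(p="subClassOf"):
                for _, _, c in self.match(s=b, p="subClassOf"):
                    new.add((a, "subClassOf", c))
            # Rule 2: an instance of a class is an instance of its superclasses.
            for x, _, cls in self.match(p="type"):
                for _, _, sup in self.match(s=cls, p="subClassOf"):
                    new.add((x, "type", sup))
            # Rule 3: property chain runs / affects^-1 => exposedTo.
            for host, _, prod in self.match(p="runs"):
                for vuln, _, _ in self.match(p="affects", o=prod):
                    new.add((host, "exposedTo", vuln))
            new -= self.triples
            if not new:
                return derived
            self.triples |= new
            derived += len(new)

    def hosts_exposed_to(self, vuln_class: str) -> Dict[str, List[str]]:
        """Map each host to the vulnerabilities of vuln_class it is exposed to."""
        result: Dict[str, Set[str]] = {}
        for host, _, vuln in self.match(p="exposedTo"):
            if (vuln, "type", vuln_class) in self.triples:
                result.setdefault(host, set()).add(vuln)
        return {h: sorted(v) for h, v in sorted(result.items())}


def build_repository() -> Repository:
    """Load the constructed TBox and ABox and run inference to a fixpoint."""
    repo = Repository(TBOX | ABOX)
    repo.infer()
    return repo


if __name__ == "__main__":
    repo = build_repository()
    for cls in ("MemoryCorruption", "InjectionFlaw", "Vulnerability"):
        print(cls, repo.hosts_exposed_to(cls))
```

Before `infer()` runs, `hosts_exposed_to()` returns nothing for every class, because no `exposedTo` fact was ever stored: the exposure of host-web to vuln-A is derived from the inventory and the scanner data, and the query for MemoryCorruption finds a BufferOverflow only because the class hierarchy is part of the repository. That is the practical difference between an ontological repository and a plain event table, and it is also why the paper's hybrid architecture matters: inference to a fixpoint over every raw event is expensive, so the reasoning layer is typically kept for the smaller, normalised asset and vulnerability knowledge rather than the full event stream.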
Keywords :
Internet; computer network security; ontologies (artificial intelligence); Internet enabled objects; SIEM data repository implementation; computer network security; data storage level; distributed networks; heterogeneous security events; information security; ontological approach; ontological repository; secure evaluation tasks; security information and event management; Computer architecture; Data models; Internet; Ontologies; Security; Software; Standards; data model; data representation; logical inference; ontology; repository; security information and event management;
Conference_Titel :
Green Computing and Communications (GreenCom), 2012 IEEE International Conference on
Conference_Location :
Besancon
Print_ISBN :
978-1-4673-5146-1
DOI :
10.1109/GreenCom.2012.125