Title :
Sharing information about security alerts using semantic web technologies
Author :
Holgado, Pilar ; De Vergara, Jorge E López ; Villagrá, Víctor A. ; Sanz, Iván ; Amaya, Antonio
Author_Institution :
Escuela Politec. Super., Univ. Autonoma de Madrid, Madrid, Spain
Abstract :
This paper presents a semantic web-based architecture to share alerts among Security Information Management Systems (SIMS). Such an architecture is useful when two or more SIMS from different domains need information about alerts occurring in the other domains, which is of vital importance for an early response to network incidents. To this end, each SIMS has a knowledge base that contains its security alerts. This knowledge base can be queried by other SIMS using standard semantic web protocols. To assess this architecture, two use cases have been developed: risk analysis and botnet detection. The former is based on the interoperability provided by the architecture; the latter additionally uses rule-based reasoning. The performance of both use cases has been evaluated, and results are provided.
Keywords :
knowledge based systems; open systems; risk analysis; security of data; semantic Web; software architecture; botnet detection; information sharing; interoperability; knowledge base; network incident; risk analysis; rule-based reasoning; security alert; security information management system; semantic Web technology; semantic Web-based architecture; standard semantic Web protocol; Generators; Information management; Knowledge based systems; Ontologies; Resource description framework; Security; IDMEF ontology; Jena; Joseki; Protégé; RDF; SIMS; SPARQL; SWRL; Semantic Web; botnet detection; security assessment;
Conference_Title :
Network and Service Management (CNSM), 2010 International Conference on
Conference_Location :
Niagara Falls, ON
Print_ISBN :
978-1-4244-8910-7
Electronic_ISBN :
978-1-4244-8908-4
DOI :
10.1109/CNSM.2010.5691190