{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,7,28]],"date-time":"2024-07-28T11:53:10Z","timestamp":1722167590672},"reference-count":32,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2013,7,9]],"date-time":"2013-07-09T00:00:00Z","timestamp":1373328000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/3.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"The technology of Security Information and Event Management (SIEM) becomes one of the most important research applications in the area of computer network security. The overall functionality of SIEM systems depends largely on the quality of solutions implemented at the data storage level, which is purposed for the representation of heterogeneous security events, their storage in the data repository, and the extraction of relevant data for analytical modules of SIEM systems. The paper discusses the key issues of design and implementation of a hybrid SIEM data repository, which combines relational and ontological data representations. Based on the analysis of existing SIEM systems and standards, the ontological approach is chosen as a core component of the repository, and an example of the ontological data model for vulnerabilities representation is outlined. The hybrid architecture of the repository is proposed for implementation in SIEM systems. Since most of the works on the repositories of SIEM systems are based on the relational data model, the paper focuses mainly on the ontological part of the hybrid approach. To test the repository we used the data model intended for attack modeling and security evaluation, which includes both ontological and relational dimensions.","DOI":"10.3390\/fi5030355","type":"journal-article","created":{"date-parts":[[2013,7,9]],"date-time":"2013-07-09T15:22:00Z","timestamp":1373383320000},"page":"355-375","source":"Crossref","is-referenced-by-count":6,"title":["Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems"],"prefix":"10.3390","volume":"5","author":[{"given":"Igor","family":"Kotenko","sequence":"first","affiliation":[{"name":"Laboratory of Computer Security Problems, St.Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), 39, 14th Liniya, Saint-Petersburg, Russia"}]},{"given":"Olga","family":"Polubelova","sequence":"additional","affiliation":[{"name":"Laboratory of Computer Security Problems, St.Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), 39, 14th Liniya, Saint-Petersburg, Russia"}]},{"given":"Andrey","family":"Chechulin","sequence":"additional","affiliation":[{"name":"Laboratory of Computer Security Problems, St.Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), 39, 14th Liniya, Saint-Petersburg, Russia"}]},{"given":"Igor","family":"Saenko","sequence":"additional","affiliation":[{"name":"Laboratory of Computer Security Problems, St.Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), 39, 14th Liniya, Saint-Petersburg, Russia"}]}],"member":"1968","published-online":{"date-parts":[[2013,7,9]]},"reference":[{"key":"ref_1","unstructured":"Miller, D., Harris, S., Harper, A., VanDyke, S., and Blask, C. (2011). Security Information and Event Management (SIEM) Implementation, McGraw-Hill Companies."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1007\/978-3-642-33704-8_16","article-title":"Model-based security event management","volume":"7531","author":"Rieke","year":"2012","journal-title":"Lect. Notes Comput. Sci."},{"key":"ref_3","first-page":"228","article-title":"Description logics as ontology languages for the semantic web","volume":"2605","author":"Baader","year":"2005","journal-title":"Mech. Math. Reason."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4018\/jisp.2007100101","article-title":"An ontology of information security","volume":"1","author":"Herzog","year":"2007","journal-title":"Int. J. Inf. Secur. Privacy"},{"key":"ref_5","first-page":"27","article-title":"A semantic Web approach to share alerts among security information management systems","volume":"72","author":"Holgado","year":"2010","journal-title":"Commun. Comput. Inf. Sci."},{"key":"ref_6","unstructured":"Cruz, I.F., Gjomemo, R., Lin, B., and Orsini, M. (2008, January 13\u201316). A Constraint and Attribute Based Security Framework for Dynamic Role Assignment in Collaborative Environments. Proceedings of the 4th International Conference on Collaborative Computing, Orlando, FL, USA."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Kolovski, V., Hendler, J., and Parsia, B. (2007, January 8\u201312). Analyzing Web Access Control Policies. Proceedings of the 16th International Conference on World Wide Web, Banff, AB, Canada.","DOI":"10.1145\/1242572.1242664"},{"key":"ref_8","unstructured":"Rochaeli, T., and Eckert, C. (2005, January 7). RBAC Policy Engineering with Patterns. Proceedings of the Semantic Web and Policy Workshop, Galway, Ireland."},{"key":"ref_9","unstructured":"Fitzgerald, W.M., Foley, S.N., and O\u2019Foghlu, M. (2007, January 11\u201312). Confident Firewall Policy Configuration Management using Description Logic. Proceedings of the Twelfth Nordic Workshop on Secure IT Systems, Reykjavik, Iceland."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Taylor, K., and Leidinger, L. (2011, January 29\u201330). Ontology-Driven Complex Event Processing in Heterogeneous Sensor Networks. The Semantic Web: Research and Applications. Proceedings of the 8th Extended Semantic Web Conference (ESWC\u201911), Heraklion, Greece.","DOI":"10.1007\/978-3-642-21064-8_20"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Razzaq, A., Ahmed, H.F., Hur, A., and Haider, N. (2009, January 17\u201318). Ontology Based Application Level Intrusion Detection System by Using Bayesian Filter. Proceedings of the 2nd International Conference on Computer, Control and Communication (IC4), Karachi, Pakistan.","DOI":"10.1109\/IC4.2009.4909223"},{"key":"ref_12","unstructured":"Rochaeli, T., and Eckert, C. (2005, January 26\u201328). Attack Goal Generation Using Description Logic-Based Knowledge Representation. Proceedings of the 2005 International Workshop on Description Logics (DL2005), Edinburgh, Scotland, UK."},{"key":"ref_13","unstructured":"Schatz, B., Mohay, G., and Clark, A. (2004, January 25). Generalizing Event Forensics across Multiple Domains. Proceedings of the 2nd Australian Computer Network & Information Forensics Conference (Forensics 2004), Edith Cowan University, Perth, Australia."},{"key":"ref_14","first-page":"1","article-title":"From representing contextual intrusion detection information in description logics to monitoring target events","volume":"10","author":"Kenaza","year":"2006","journal-title":"Agence Natl. Rech. D\u00e9livr."},{"key":"ref_15","unstructured":"Nicolett, M., and Kavanagh, K.M. (2012). Critical Capabilities for Security Information and Event Management, Gartner. Gartner RAS Core Research Note G00 212420."},{"key":"ref_16","unstructured":"Ogle, D., Kreger, H., Salahshour, A., Cornpropst, J., Labadie, E., Chessell, M., Horn, B., Gerken, J., Schoech, J., and Wamboldt, M. (2004). Canonical Situation Data Format: The Common Base Event V1.0.1, International Business Machines Corporation."},{"key":"ref_17","unstructured":"Common Event Format. Available online: http:\/\/www.arcsight.com\/solutions_cef.htm."},{"key":"ref_18","unstructured":"Curry, D., and Debar, H. Intrusion detection message exchange format data model and extensible markup language (XML) document type definition. Available online: http:\/\/www.ietf.org\/proceedings\/50\/I-D\/idwg-idmef-xml-03.txt."},{"key":"ref_19","unstructured":"Common Information Model (CIM), DMTF. Available online: http:\/\/dmtf.org\/standards\/cim."},{"key":"ref_20","unstructured":"Security Content Automation Protocol (SCAP). Available online: http:\/\/scap.nist.gov."},{"key":"ref_21","unstructured":"Kotenko, I., Chechulin, A., and Novikova, E. (2012, January 24\u201327). Attack Modelling and Security Evaluation for Security Information and Event Management. Proceedings of the International Conference on Security and Cryptography (SECRYPT 2012), Rome, Italy."},{"key":"ref_22","unstructured":"Kotenko, I., Polubelova, O., and Saenko, I. (2012, January 24\u201327). Data Repository for Security Information and Event Management in Service Infrastructures. Proceedings of the 9th International Joint Conference on e-Business and Telecommunications (ICETE 2012). International Conference on Security and Cryptography (SECRYPT 2012), Rome, Italy."},{"key":"ref_23","unstructured":"Garcia-Molina, H., Ullman, J.D., and Widom, J.D. (2009). Database Systems. The Complete Book, Pearson Prentice Hall. [2nd ed.]."},{"key":"ref_24","unstructured":"Marco, D. (2000). Building and Managing the Meta Data Repository: A Full Lifecycle Guide, Wiley."},{"key":"ref_25","unstructured":"(Triple Store Evaluation Analysis Report, 2010). Triple Store Evaluation Analysis Report."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Kotenko, I., Polubelova, O., and Saenko, I. (2012, January 20\u201323). The Ontological Approach for SIEM Data Repository Implementation. Proceedings of the 2012 IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing, Besan\u00e7on, France.","DOI":"10.1109\/GreenCom.2012.125"},{"key":"ref_27","unstructured":"Barret, R. XML Database Products: Native XML Databases. Available online: http:\/\/www.rpbourret.com\/xml\/ProdsNative.htm."},{"key":"ref_28","unstructured":"Storage and Inference Layer Solutions. Available online: http:\/\/alexidsa.blogspot.com\/2009\/12\/sail.html."},{"key":"ref_29","unstructured":"Virtuoso. Available online: http:\/\/virtuoso.openlinksw.com."},{"key":"ref_30","unstructured":"Comparison of Triple Stores. Available online: http:\/\/www.bioontology.org\/wiki\/images\/6\/6a\/Triple_Stores.pdf."},{"key":"ref_31","unstructured":"Web Services Description Language (WSDL) 1.1. Available online: http:\/\/www.w3.org\/TR\/wsdl."},{"key":"ref_32","unstructured":"Web Services. Available online: http:\/\/www.w3.org\/2002\/ws\/."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/5\/3\/355\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,31]],"date-time":"2024-05-31T17:16:37Z","timestamp":1717175797000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/5\/3\/355"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,7,9]]},"references-count":32,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2013,9]]}},"alternative-id":["fi5030355"],"URL":"https:\/\/doi.org\/10.3390\/fi5030355","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,7,9]]}}}