Ontology-Based Inter-Domain Event Correlation

Author

  • Hassan Rasheed

Abstract

The notion of event correlation has been around for some time. Most recently, event correlation has gotten a significant amount of attention in the intrusion detection community under the topic of alert correlation. The principles behind event correlation, however, can also be used to relate events in seemingly heterogeneous domains such as access control and intrusion detection. To address the need for event data sharing between different security mechanisms, we propose the use of ontologies for inter-domain event correlation. The relevant research on alert correlation is surveyed and two taxonomies are presented to classify the approaches used in that area. Then a hybrid ontology is proposed that can serve as the integration point for event correlation between access control and intrusion detection systems. Examples are given from an implementation to show the capabilities of the correlation process.

Similar resources

Rich Event Representation for Computer Forensics

Recent advances in computer internetworking and continued increases in Internet usage have been accompanied by a continued increase in the incidence of computer related crime. At the same time, the number of sources of potential evidence in any particular computer forensic investigation has grown considerably, as evidence of the occurrence of relevant events can potentially be drawn not only fr...

Query Architecture Expansion in Web Using Fuzzy Multi Domain Ontology

Due to the increasing web, there are many challenges to establish a general framework for data mining and retrieving structured data from the Web. Creating an ontology is a step towards solving this problem. The ontology raises the main entity and the concept of any data in data mining. In this paper, we tried to propose a method for applying the "meaning" of the search system, but the problem ...

Generalising Event Forensics Across Multiple Domains

In cases involving computer related crime, event oriented evidence such as computer event logs, and telephone call records are coming under increased scrutiny. The amount of technical knowledge required to manually interpret event logs encompasses multiple domains of expertise, ranging from computer networking to forensic accounting. Automated methods of classifying events and patterns of event...

Relation-Centric Semantic Annotation using Semantic Role Labeling and Coreference Resolution

Automatic semantic annotation based on domain-specific ontologies is one of the critical issues for the success of the semantic web. Most existing approaches focused on the detection of concepts such as named entities, dates, monetary amounts. This study explores automatic semantic annotation techniques for applications using relation-centric ontologies which represent domain knowledge using ...

A Model of Events based on a Foundational Ontology

The working reports from the Department of Computer Science serve to present preliminary results, which as a rule are revised for later publication. The authors are therefore grateful for critical comments. All rights reserved, in particular those of translation, reprinting, presentation, and the extraction of figures and tables, even where only excerpts are ...

Publication date: 2012