DocumentCode
3036876
Title
Enriched Diagnosis and Investigation Models for Security Event Correlation
Author
Legrand, Véronique ; Ubéda, Stéphane
Author_Institution
INSA-Lyon/ExaProtect - ARES INRIA Project, Lyon
fYear
2007
fDate
1-5 July 2007
Firstpage
1
Lastpage
1
Abstract
This paper describes a diagnosis model and architecture for enterprise-level security event correlation called DIM (Diagnostic and Investigation Models). Our work is motivated by the limits of existing holistic Information System security surveillance solutions suited to monitoring information systems. We address this issue in this paper and propose an architectural foundation. Our approach is based on an ontology-driven diagnosis process coupled with an enriched information model derived from CIM (Common Information Model) and a policy model.
Keywords
business data processing; diagnostic reasoning; information systems; ontologies (artificial intelligence); security of data; surveillance; common information model; enterprise level security event correlation; holistic information system security surveillance solution; intrusion detection system; ontology-driven diagnostic reasoning model; policy model; Availability; Computer integrated manufacturing; Data security; Event detection; Information security; Information systems; Monitoring; Ontologies; Surveillance; Testing;
fLanguage
English
Publisher
ieee
Conference_Titel
Internet Monitoring and Protection, 2007. ICIMP 2007. Second International Conference on
Conference_Location
San Jose, CA
Print_ISBN
0-7695-2911-9
Electronic_ISBN
0-7695-2911-9
Type
conf
DOI
10.1109/ICIMP.2007.16
Filename
4271747