DocumentCode :
3036876
Title :
Enriched Diagnosis and Investigation Models for Security Event Correlation
Author :
Legrand, Véronique ; Ubéda, Stéphane
Author_Institution :
INSA-Lyon/ExaProtect - ARES INRIA Project, Lyon
fYear :
2007
fDate :
1-5 July 2007
Firstpage :
1
Lastpage :
1
Abstract :
This paper describes a diagnosis model and architecture for enterprise-level security event correlation called DIM (Diagnostic and Investigation Models). Our work is motivated by the existing limits of holistic Information System security surveillance solutions suited to monitoring information systems. We address this issue in this paper and propose an architectural foundation. Our approach is based on an ontology-driven diagnosis process coupled with an enriched CIM (Common Information Model) derived information model and a policy model.
Keywords :
business data processing; diagnostic reasoning; information systems; ontologies (artificial intelligence); security of data; surveillance; common information model; enterprise level security event correlation; holistic information system security surveillance solution; intrusion detection system; ontology-driven diagnostic reasoning model; policy model; Availability; Computer integrated manufacturing; Data security; Event detection; Information security; Information systems; Monitoring; Ontologies; Surveillance; Testing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Internet Monitoring and Protection, 2007. ICIMP 2007. Second International Conference on
Conference_Location :
San Jose, CA
Print_ISBN :
0-7695-2911-9
Electronic_ISBN :
0-7695-2911-9
Type :
conf
DOI :
10.1109/ICIMP.2007.16
Filename :
4271747