Publica
Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten. Model-based security event management
| Kotenko, I.:
Computer network security. 6th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, MMM-ACNS 2012 : St. Petersburg, Russia, October 17 - 19, 2012; Proceedings
Berlin: Springer, 2012 (Lecture Notes in Computer Science 7531)
ISBN: 3-642-33703-1
ISBN: 978-3-642-33703-1
ISBN: 978-3-642-33704-8
ISSN: 0302-9743
pp.181-190 |
| International Conference on Mathematical Methods, Models and Architectures for Computer Network Security (MMM-ACNS) <6, 2012, St. Petersburg> |
|
| English |
| Conference Paper |
| Fraunhofer SIT () |
| SIEM; monitoring; model-based security; ontology; security strategy meta model; security information and event management; complex event processing |
Abstract
With the growing size and complexity of current ICT infrastructures, it becomes increasingly challenging to gain an overview of potential security breaches. Security Information and Event Management systems which aim at collecting, aggregating and processing security-relevant information are therefore on the rise. However, the event model of current systems mostly describes network events and their correlation, but is not linked to a comprehensive security model, including system state, security and compliance requirements, countermeasures, and affected assets. In this paper we introduce a comprehensive semantic model for security event management. Besides the description of security incidents, the model further allows to add conditions over the system state, define countermeasures, and link to external security models.