2015
Conference Paper
Title

Using extensible metadata definitions to create a vendor-independent SIEM system

Abstract
The threat of cyber-attacks is growing, as numerous negative security news items and reports show [8]. Today many security components (e.g. anti-virus systems, firewalls, and IDS) are available to protect enterprise networks; unfortunately, they work in isolation, independently of each other. But many attacks can only be recognized if the logs and events of different security components are combined and correlated with each other. Existing specifications of the Trusted Computing Group (TCG) already provide a standardized protocol for metadata collection and exchange named IF-MAP. This protocol is very useful for network security applications and for the correlation of different metadata in one common database, which in turn makes it well suited to Security Information and Event Management (SIEM) systems. In this paper we present a SIEM architecture developed during a research project called SIMU. Additionally, we introduce a new kind of metadata that can be helpful for domains not covered by the existing TCG specifications. For this purpose, a metadata model with unique data types has been designed for higher flexibility. For its realization, two different extensions are discussed in this paper: a new feature model or an additional service identifier.
Author(s)
Detken, Kai-Oliver
Scheuermann, Dirk
Hellmann, Bastian
Mainwork
Advances in Swarm and Computational Intelligence. 6th International Conference, ICSI 2015
Conference
International Conference on Swarm Intelligence (ICSI) 2015
Congress on Computational Intelligence (CCI) 2015
DOI
10.1007/978-3-319-20472-7_48
Language
English
Fraunhofer-Institut für Sichere Informationstechnologie SIT
Keyword(s)
  • security information and event management
  • SIEM
  • anomaly detection
  • IF-MAP
  • metadata schema
  • trusted computing
  • feature model