| Field | Value |
|---|---|
| Description | This paper presents a semantic web-based architecture to share alerts among Security Information Management Systems (SIMS). Such an architecture is useful if two or more SIMS from different domains need to know information about alerts happening in the other domains, which is of vital importance for an early response to network incidents. For this, each SIMS has a knowledge base that contains the security alerts. This knowledge base can be queried from other SIMS, using standard semantic web protocols. To assess this architecture, both risk analysis and botnet detection use cases have been developed. The former is based on the interoperability provided by this architecture. Rule-based reasoning is also used for the latter case. The performance of both use cases has been evaluated, providing some results. |
| International | Yes |
| Conference name | 6th IEEE/IFIP International Conference on Network and Service Management (CNSM 2010) |
| Participation type | 960 |
| Conference venue | Niagara Falls, Canada |
| Reviewers | Yes |
| ISBN or ISSN | 978-1-4244-8910-7 |
| DOI | 10.1109/CNSM.2010.5691190 |
| Conference start date | 25/10/2010 |
| Conference end date | 29/10/2010 |
| From page | 270 |
| To page | 273 |
| Proceedings title | Conference Proceedings |