Semantic Processing of Security Event Streams

Project details

Funders

FWF

Description

SEPSES will leverage semantic technologies to tackle security challenges, resulting in a novel approach to automatically interpret security event data streams in (near) real time. To this end, we will develop ontology design patterns and log vocabularies and leverage them to enrich and semantically integrate log information from disparate sources. Furthermore, the developed approach will contextualize the generated security events by enriching them with background knowledge. This will allow us to semantically link individual events scattered across log files and system components – which on their own are often inconspicuous – and to automatically identify patterns of malicious activity by interpreting the resulting coherent event stream in (near) real time. Finally, we will develop mechanisms to dynamically evolve the modeled security knowledge in order to track changes in the infrastructure and discover new patterns of attack. To this end, we will develop learning techniques that exploit the rich explicit semantics of the proposed approach. The ontologies and background knowledge used in the process can be shared easily and consistently among organizations.

Status

Completed

Actual start / end

1/03/20 to 31/08/21

Project partners