Semantic Processing of Security Event Streams
Type: Research Project
- Austrian Science Fund
Duration: March 1, 2020 - Aug. 31, 2021
- Institute for Data, Process and Knowledge Management (AE Polleres)
Abstract (English)
SEPSES will leverage semantic technologies to tackle security challenges, resulting in a novel approach to automatically interpret security event data streams in (near) real time. To this end, we will develop ontology design patterns and log vocabularies and leverage them to enrich and semantically integrate log information from disparate sources. Furthermore, the developed approach will contextualize the generated security events by enriching them with background knowledge. This will allow us to semantically link individual events scattered across log files and system components – which on their own are often inconspicuous – and to automatically identify patterns of malicious activity by interpreting the resulting coherent event stream in (near) real time. Finally, we will develop mechanisms to dynamically evolve the modeled security knowledge in order to track changes in the infrastructure and discover new patterns of attack. To this end, we will develop learning techniques that exploit the rich explicit semantics of the proposed approach. The ontologies and background knowledge used in the process can be shared easily and consistently among organizations.
Partners
- TU Wien - Institute of Information Systems - Austria
Publications
Journal article
2021 | Ekelhart, Andreas, Kiesling, Elmar, Ekaputra, Fajar J. 2021. The SLOGERT Framework for Automated Log Knowledge Graph Construction. Semantic Web 12731, 631-646.
Contribution to conference proceedings
2021 | Kurniawan, Kabul, Ekelhart, Andreas, Kiesling, Elmar, Quirchmayr, Gerald, Tjoa, A Min. 2021. Virtual Knowledge Graphs for Federated Log Analysis. In ICPS Proceedings, ed. ARES 2021, 1-11. Wien.
Poster presented at an academic conference or symposium
2020 | Ekelhart, Andreas, Ekaputra, Fajar J., Kiesling, Elmar. 2020. Automated Knowledge Graph Construction From Raw Log Data. ISWC 2020, Athens/Online, Greece, 01.11.-06.11.