Semantic Processing of Security Event Streams


Type Research Project

Funding Bodies
  • Austrian Science Fund

Duration March 1, 2020 - Aug. 31, 2021

https://sepses.ifs.tuwien.ac.at
  • Institute for Data, Process and Knowledge Management (AE Polleres)

Project Team
  • Ekelhart, Andreas (Former researcher)
  • Kiesling, Elmar (Project Head)
  • Kurniawan, Kabul
  • Vidgof, Maxim

Abstract (English)

SEPSES will leverage semantic technologies to tackle security challenges, resulting in a novel approach to automatically interpreting security event data streams in (near) real time. To this end, we will develop ontology design patterns and log vocabularies and use them to enrich and semantically integrate log information from disparate sources. Furthermore, the approach will contextualize the generated security events by enriching them with background knowledge. This will allow us to semantically link individual events scattered across log files and system components, which on their own are often inconspicuous, and to automatically identify patterns of malicious activity by interpreting the resulting coherent event stream in (near) real time. Finally, we will develop mechanisms to dynamically evolve the modeled security knowledge in order to track changes in the infrastructure and discover new patterns of attack; to this end, we will develop learning techniques that exploit the rich explicit semantics of the proposed approach. The ontologies and background knowledge used in the process can be shared easily and consistently among organizations.
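The pipeline the abstract sketches (lift heterogeneous logs into a shared vocabulary, attach background knowledge, link events through the entities they share, detect a multi-step pattern) can be illustrated with a small in-memory graph. The block below is an added example, not code from the SEPSES project or the SLOGERT framework; the auth and sudo log lines are constructed, the `ex:` predicates are a hypothetical vocabulary standing in for the project's ontologies, and the triple store is a plain dictionary rather than an RDF engine with SPARQL. Three failed SSH logins from one external address, a success, and a `sudo` to root on the same host are inconspicuous in their separate files but form one chain once they share `user`, `host` and `sourceIP` nodes.

```python
"""Toy semantic log integration: parse two log formats into one triple vocabulary,
enrich with background facts, then detect brute-force login followed by escalation.
Added illustration; vocabulary ('ex:') and all log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from two different sources and formats.
AUTH_LOG = """\
2021-05-03T10:00:01 dbhost sshd[2001]: Failed password for alice from 203.0.113.7 port 51000 ssh2
2021-05-03T10:00:04 dbhost sshd[2002]: Failed password for alice from 203.0.113.7 port 51001 ssh2
2021-05-03T10:00:07 dbhost sshd[2003]: Failed password for alice from 203.0.113.7 port 51002 ssh2
2021-05-03T10:00:11 dbhost sshd[2004]: Accepted password for alice from 203.0.113.7 port 51003 ssh2
2021-05-03T10:05:30 webhost sshd[3100]: Accepted publickey for bob from 192.0.2.10 port 40000 ssh2
"""
SUDO_LOG = """\
2021-05-03T10:00:40 dbhost sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
2021-05-03T10:06:00 webhost sudo: bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
"""
# Constructed background knowledge (hypothetical 'ex:' vocabulary): asset roles and network trust.
BACKGROUND = [
    ("host:dbhost", "ex:role", "database-server"), ("host:dbhost", "ex:criticality", "high"),
    ("host:webhost", "ex:role", "web-server"), ("host:webhost", "ex:criticality", "medium"),
    ("net:203.0.113.0/24", "ex:trust", "external"), ("net:192.0.2.0/24", "ex:trust", "internal"),
]

SSH_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) (\w+) for (\S+) from (\S+) port")
SUDO_RE = re.compile(r"^(\S+) (\S+) sudo: (\S+) : .*USER=(\S+) ; COMMAND=(.*)$")

def ip_network(ip):
    """Toy /24 lookup so an address can be linked to a network node with background facts."""
    return "net:" + ".".join(ip.split(".")[:3]) + ".0/24"

def lift(auth_log, sudo_log):
    """Map both log formats onto one event vocabulary (triples), recording the source file."""
    triples, n = [], 0
    for line in auth_log.splitlines():
        m = SSH_RE.match(line)
        if not m:
            continue
        ts, host, outcome, _method, user, ip = m.groups()
        ev = f"event:{n}"; n += 1
        triples += [(ev, "ex:type", "ex:LoginFailure" if outcome == "Failed" else "ex:LoginSuccess"),
                    (ev, "ex:time", ts), (ev, "ex:host", f"host:{host}"), (ev, "ex:user", f"user:{user}"),
                    (ev, "ex:sourceIP", f"ip:{ip}"), (f"ip:{ip}", "ex:inNetwork", ip_network(ip)),
                    (ev, "ex:source", "auth.log")]
    for line in sudo_log.splitlines():
        m = SUDO_RE.match(line)
        if not m:
            continue
        ts, host, user, target, cmd = m.groups()
        ev = f"event:{n}"; n += 1
        triples += [(ev, "ex:type", "ex:PrivilegeEscalation" if target == "root" else "ex:Sudo"),
                    (ev, "ex:time", ts), (ev, "ex:host", f"host:{host}"), (ev, "ex:user", f"user:{user}"),
                    (ev, "ex:command", cmd), (ev, "ex:source", "sudo.log")]
    return triples

def index(triples):
    """subject -> predicate -> [objects]; the minimal graph needed to join on shared nodes."""
    g = defaultdict(lambda: defaultdict(list))
    for s, p, o in triples:
        g[s][p].append(o)
    return g

def detect_bruteforce_to_root(triples, background=BACKGROUND, min_failures=3, window=timedelta(minutes=5)):
    """Pattern: >= min_failures failed logins, then success from the same IP for the same user/host,
    then that user escalating to root on that host within the window. Events from the two log
    sources are linked only through the user, host and IP nodes they share."""
    g = index(triples + background)
    t = lambda ev: datetime.fromisoformat(g[ev]["ex:time"][0])
    events = [s for s in g if s.startswith("event:")]
    failures = defaultdict(list)  # (ip, user, host) -> failure timestamps
    for ev in events:
        if g[ev]["ex:type"] == ["ex:LoginFailure"]:
            failures[(g[ev]["ex:sourceIP"][0], g[ev]["ex:user"][0], g[ev]["ex:host"][0])].append(t(ev))
    findings = []
    for ev in events:
        if g[ev]["ex:type"] != ["ex:LoginSuccess"]:
            continue
        ip, user, host = g[ev]["ex:sourceIP"][0], g[ev]["ex:user"][0], g[ev]["ex:host"][0]
        prior = [x for x in failures[(ip, user, host)] if t(ev) - window <= x <= t(ev)]
        if len(prior) < min_failures:
            continue
        esc = [e for e in events if g[e]["ex:type"] == ["ex:PrivilegeEscalation"]
               and g[e]["ex:user"] == [user] and g[e]["ex:host"] == [host]
               and t(ev) <= t(e) <= t(ev) + window]
        if not esc:
            continue
        net = g[ip]["ex:inNetwork"][0]  # contextualize with background knowledge
        findings.append({"user": user, "host": host, "source_ip": ip, "source_trust": g[net]["ex:trust"][0],
                         "host_role": g[host]["ex:role"][0], "host_criticality": g[host]["ex:criticality"][0],
                         "failed_attempts": len(prior), "commands": [g[e]["ex:command"][0] for e in esc]})
    return findings

if __name__ == "__main__":
    for f in detect_bruteforce_to_root(lift(AUTH_LOG, SUDO_LOG)):
        print(f)
```

Running the block reports one finding: alice on the high-criticality database server, reached from an external network after three failures, followed by a root shell. Bob's root `sudo` on the web server is not reported because no failure burst precedes his key-based login; raising `min_failures` to 4 suppresses the alice chain too. A real deployment would replace the dictionary with an RDF store and express the same join as a SPARQL basic graph pattern over the project's vocabularies.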

Partners

  • TU Wien - Institute of Information Systems - Austria

Publications

Journal article

2021 Ekelhart, Andreas, Kiesling, Elmar, Ekaputra, Fajar J. 2021. The SLOGERT Framework for Automated Log Knowledge Graph Construction. The Semantic Web, vol. 12731, 631-646.

Contribution to conference proceedings

2021 Kurniawan, Kabul, Ekelhart, Andreas, Kiesling, Elmar, Quirchmayr, Gerald, Tjoa, A Min. 2021. Virtual Knowledge Graphs for Federated Log Analysis. In ARES 2021 (ACM ICPS Proceedings), 1-11. Vienna.

Poster presented at an academic conference or symposium

2020 Ekelhart, Andreas, Ekaputra, Fajar J., Kiesling, Elmar. 2020. Automated Knowledge Graph Construction From Raw Log Data. ISWC 2020, Athens, Greece (online), 1-6 November 2020.