
Automated Interpretation and Integration of Security Tools Using Semantic Knowledge

  • Conference paper
Advanced Information Systems Engineering (CAiSE 2019)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11483))


Abstract

A security orchestration platform aims to integrate the activities performed by multi-vendor security tools in order to streamline the incident response process. To make such a platform useful in practice in a Security Operations Center (SOC), three key challenges must be addressed: interpretability, interoperability, and automation. In this paper, we propose a novel semantic integration approach that automatically selects and integrates security tools with the capabilities essential for auto-executing an incident response process in a security orchestration platform. The capabilities of security tools and the activities of the incident response process are formalized using ontologies, which are then used by an NLP-based approach to classify the activities of emerging incident response processes. The developed ontologies and NLP approach feed an interoperability model that selects and integrates security tools at runtime so that an incident response process can be executed successfully. Experimental results demonstrate the feasibility of the classifier and the interoperability model for achieving interpretability, interoperability, and automation of the security tools integrated into a security orchestration platform.


Notes

  1. https://stixproject.github.io/about/.

  2. https://cyboxproject.github.io/.

  3. https://www.misp-project.org/.

  4. https://www.splunk.com/.

  5. https://www.rsa.com/en-us/products/threat-detection-response/.

  6. https://www.snort.org/.

  7. https://docs.servicenow.com/: offers an on-demand, cloud-based IT service management solution, forms-based workflow application development, workflow automation, productivity tools for business users, and so forth.


Acknowledgment

This work is partially supported by Data61/CSIRO, Australia. We acknowledge the contributions of the shepherd reviewer, Professor Andreas L. Opdahl from the University of Bergen, Norway, who provided insightful comments and continuous engagement to improve the paper.

Author information

Corresponding authors: Chadni Islam, M. Ali Babar or Surya Nepal.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Islam, C., Babar, M.A., Nepal, S. (2019). Automated Interpretation and Integration of Security Tools Using Semantic Knowledge. In: Giorgini, P., Weber, B. (eds) Advanced Information Systems Engineering. CAiSE 2019. Lecture Notes in Computer Science, vol 11483. Springer, Cham. https://doi.org/10.1007/978-3-030-21290-2_32


  • DOI: https://doi.org/10.1007/978-3-030-21290-2_32


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-21289-6

  • Online ISBN: 978-3-030-21290-2

  • eBook Packages: Computer Science (R0)
