Automated Interpretation and Integration of Security Tools Using Semantic Knowledge

Conference: 31st International Conference on Advanced Information Systems Engineering (CAiSE 2019), Rome, Italy.

Authors: Chadni Islam, Muhammad Ali Babar and Surya Nepal.

Year: 2019

Abstract: A security orchestration platform aims at integrating the activities performed by multi-vendor security tools to streamline the required incident response process. To make such a platform useful in practice in a Security Operation Center (SOC), three key challenges need to be addressed: interpretability, interoperability, and automation. In this paper, we propose a novel semantic integration approach to automatically select and integrate security tools with the capabilities essential for auto-execution of an incident response process in a security orchestration platform. The capabilities of security tools and the activities of the incident response process are formalized using ontologies, which are then used by an NLP-based approach to classify the activities of emerging incident response processes. The developed ontologies and NLP approach feed an interoperability model for the selection and integration of security tools at runtime, enabling successful execution of an incident response process. Experimental results demonstrate the feasibility of the classifier and the interoperability model for achieving interpretability, interoperability, and automation of security tools integrated into a security orchestration platform.


Cite this paper as: Islam C., Babar M.A., Nepal S. (2019) Automated Interpretation and Integration of Security Tools Using Semantic Knowledge. In: Giorgini P., Weber B. (eds) Advanced Information Systems Engineering. CAiSE 2019. Lecture Notes in Computer Science, vol 11483. Springer, Cham.
