Abstract
Security incident management is one of the critical areas that offers valuable information to security experts, yet it still lacks much development. Several security incident database models have been proposed and are currently in use. The discrepancies between these databases mean that worldwide incident information is stored in different formats and places and therefore provides no means for collaboration among Computer Security Incident Response Teams (CSIRTs). This paper presents an architecture based on advanced database techniques that is able to collect incident-related information from different sources. Our framework enhances the incident management process by allowing law enforcement units to (a) collect the required evidence from incident data that are spread across a number of different incident management systems; (b) transform, clean, and homogenize them; and, finally, (c) load them into a central database management system. Such an architecture can also be beneficial in minimizing the mean time between the appearance of a new incident and its publication to the worldwide community.
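As an added illustration (not code from the paper or its authors), here is a minimal version of the collect / transform-clean-homogenize / load pipeline the abstract describes, in Python with SQLite standing in for the central store; the two feed formats, their field names and the sample records are constructed.

```python
import csv
import json
import sqlite3
from datetime import datetime, timezone
# Constructed sample feeds: A exports CSV with textual severity, B exports JSON
# lines with epoch timestamps (and re-sends one report, producing a duplicate).
FEED_A_CSV = """id,reported,level,attacker_ip,summary
A-17,2005-03-01 14:05:00,HIGH,198.51.100.7,SSH brute force
A-18,2005-03-01 15:30:00, low ,198.51.100.7,Port scan
"""
FEED_B_JSONL = """{"ref": "B-9", "ts": 1109686800, "severity": 3, "src": "203.0.113.5", "title": "Web defacement"}
{"ref": "B-9", "ts": 1109686800, "severity": 3, "src": "203.0.113.5", "title": "Web defacement"}
"""
SEVERITY_MAP = {"low": 1, "medium": 2, "high": 3}  # canonical 1..3 scale of the central store

def extract_a(text):
    """Feed A: parse CSV, map textual severity, stamp times as UTC ISO 8601."""
    for row in csv.DictReader(text.splitlines()):
        ts = datetime.strptime(row["reported"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        yield {"source": "A", "source_id": row["id"], "reported_at": ts.isoformat(),
               "severity": SEVERITY_MAP[row["level"].strip().lower()],
               "src_ip": row["attacker_ip"].strip(), "summary": row["summary"].strip()}

def extract_b(text):
    """Feed B: parse JSON lines, convert epoch seconds to the same UTC ISO 8601 form."""
    for line in filter(str.strip, text.splitlines()):
        rec = json.loads(line)
        ts = datetime.fromtimestamp(rec["ts"], tz=timezone.utc)
        yield {"source": "B", "source_id": rec["ref"], "reported_at": ts.isoformat(),
               "severity": int(rec["severity"]), "src_ip": rec["src"], "summary": rec["title"]}

def load(records, conn):
    """Load homogenized records; the (source, source_id) key drops duplicate reports."""
    conn.execute("""CREATE TABLE IF NOT EXISTS incident (source TEXT, source_id TEXT,
        reported_at TEXT, severity INTEGER, src_ip TEXT, summary TEXT,
        PRIMARY KEY (source, source_id))""")
    return sum(conn.execute("INSERT OR IGNORE INTO incident VALUES (:source, :source_id, "
                            ":reported_at, :severity, :src_ip, :summary)", r).rowcount
               for r in records)

def run_etl():
    """Collect from both feeds, homogenize and load; returns (rows loaded, connection)."""
    conn = sqlite3.connect(":memory:")
    return load(list(extract_a(FEED_A_CSV)) + list(extract_b(FEED_B_JSONL)), conn), conn

def incidents_for_ip(conn, ip):
    """Cross-source query the central store enables: every report naming one address."""
    return [tuple(r) for r in conn.execute("SELECT source, source_id, severity FROM incident "
                                           "WHERE src_ip = ? ORDER BY reported_at", (ip,))]
```

The duplicate B-9 report is dropped at load time, so three rows reach the central table and the address 198.51.100.7 can be queried across both feeds at once.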
© 2005 Springer-Verlag Berlin Heidelberg
Belsis, M.A., Simitsis, A., Gritzalis, S. (2005). Workflow Based Security Incident Management. In: Bozanis, P., Houstis, E.N. (eds) Advances in Informatics. PCI 2005. Lecture Notes in Computer Science, vol 3746. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11573036_65
DOI: https://doi.org/10.1007/11573036_65
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29673-7
Online ISBN: 978-3-540-32091-3