
Workflow Based Security Incident Management

  • Conference paper
Advances in Informatics (PCI 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3746)

Abstract

Security incident management is one of the critical areas that offers valuable information to security experts, but it still lacks much development. Currently, several security incident database models have been proposed and used. The discrepancies between such databases mean that worldwide incident information is stored in different formats and places and, so, provide no means for collaboration between Computer Security Incident Response Teams (CSIRTs). This paper presents an architecture based on advanced database techniques that is able to collect incident-related information from different sources. Our framework enhances the incident management process by allowing law enforcement units to (a) collect the required evidence from incident data that are spread across a number of different incident management systems; (b) transform, clean, and homogenize them; and, finally, (c) load them into a central database management system. Such an architecture can also be beneficial by minimizing the mean time between the appearance of a new incident and its publication to the worldwide community.
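The three-step pipeline described in the abstract (collect from heterogeneous incident systems, transform/clean/homogenize, load into a central store) as a small added example; this is illustrative code written for this page, not the paper's framework, and the two source formats, the severity scale and the sample records are all constructed.

```python
import csv
import io
import json
import sqlite3
from datetime import datetime, timezone

# Constructed exports from two hypothetical CSIRT incident systems: one CSV with
# textual severities and local-time stamps, one JSON with numeric severities in UTC.
SOURCE_A_CSV = """id,ts,sev,desc
A-1,2005-03-01 10:15:00+02:00,HIGH,Port scan from 203.0.113.7
A-2,2005-03-01 11:40:00+02:00,medium,Phishing mail reported
"""
SOURCE_B_JSON = """[
 {"incident_id": 17, "reported": "2005-03-01T08:15:00Z", "severity": 3,
  "summary": "  port scan from 203.0.113.7 "},
 {"incident_id": 18, "reported": "2005-03-01T09:00:00Z", "severity": 9,
  "summary": "Defaced web page"}
]"""
SEVERITY_WORDS = {"low": 1, "medium": 2, "high": 3, "critical": 4}  # assumed common scale

def extract_a(text):
    for row in csv.DictReader(io.StringIO(text)):
        yield {"src": "A", "src_id": row["id"], "ts": row["ts"], "sev": row["sev"], "desc": row["desc"]}

def extract_b(text):
    for obj in json.loads(text):
        yield {"src": "B", "src_id": str(obj["incident_id"]), "ts": obj["reported"],
               "sev": obj["severity"], "desc": obj["summary"]}

def transform(rec):
    """Homogenize one record: UTC ISO timestamp, 1-4 severity, collapsed whitespace.
    Returns None when the record cannot be cleaned (e.g. out-of-scale severity)."""
    ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00")).astimezone(timezone.utc)
    sev = rec["sev"]
    sev = SEVERITY_WORDS.get(sev.strip().lower()) if isinstance(sev, str) else sev
    if sev not in (1, 2, 3, 4):
        return None  # quarantine rather than guess a value
    return {"source": rec["src"], "source_id": rec["src_id"], "ts_utc": ts.isoformat(),
            "severity": sev, "description": " ".join(rec["desc"].split())}

def load(records, conn):
    """Load into the central store; the same incident reported by two systems is
    merged on (time, severity, normalized description) and both source ids are kept."""
    conn.execute("CREATE TABLE IF NOT EXISTS incidents (ts_utc TEXT, severity INTEGER, "
                 "description TEXT, source_ids TEXT, PRIMARY KEY (ts_utc, severity, description))")
    where = "WHERE ts_utc=? AND severity=? AND description=?"
    for r in records:
        key = (r["ts_utc"], r["severity"], r["description"].lower())
        sid = f'{r["source"]}:{r["source_id"]}'
        row = conn.execute(f"SELECT source_ids FROM incidents {where}", key).fetchone()
        if row:
            conn.execute(f"UPDATE incidents SET source_ids=? {where}", (row[0] + "," + sid, *key))
        else:
            conn.execute("INSERT INTO incidents VALUES (?,?,?,?)", (*key, sid))

def run_pipeline(conn=None):
    """Collect, clean and load; returns (connection, cleaned count, rejected count)."""
    conn = conn or sqlite3.connect(":memory:")
    raw = list(extract_a(SOURCE_A_CSV)) + list(extract_b(SOURCE_B_JSON))
    good = [c for c in (transform(r) for r in raw) if c]
    load(good, conn)
    return conn, len(good), len(raw) - len(good)
```

Rejected records are counted rather than silently dropped so the cleaning step leaves an audit trail of what the central store did not accept.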




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Belsis, M.A., Simitsis, A., Gritzalis, S. (2005). Workflow Based Security Incident Management. In: Bozanis, P., Houstis, E.N. (eds) Advances in Informatics. PCI 2005. Lecture Notes in Computer Science, vol 3746. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11573036_65


  • DOI: https://doi.org/10.1007/11573036_65

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29673-7

  • Online ISBN: 978-3-540-32091-3

  • eBook Packages: Computer Science (R0)
