Abstract
A security orchestration platform aims at integrating the activities performed by multi-vendor security tools to streamline the required incident response process. To make such a platform useful in practice in a Security Operation Center (SOC), we need to address three key challenges: interpretability, interoperability, and automation. In this paper, we proposed a novel semantic integration approach to automatically select and integrate security tools with essential capability for auto-execution of an incident response process in a security orchestration platform. The capability of security tools and the activities of the incident response process are formalized using ontologies, which have been used for NLP based approach to classify the activities for the emerging incident response processes. The developed ontologies and NLP approaches have been used for an interoperability model for selection and integration of security tools at runtime for the successful execution of an incident response process. Experimental results demonstrate the feasibility of the classifier and interoperability model for achieving interpretability, interoperability, and automation of security tools integrated into a security orchestration platform.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
https://docs.servicenow.com/: offers on-demand, cloud-based IT service management solution, forms-based workflow application development, automation workflow, productivity tool for business user and so forth.
References
Demisto. https://www.demisto.com/wp-content/uploads/2017/04/MH-Demisto-Security-Automation-WP.pdf. Accessed 11 Oct 2017
Koyama, T., Hu, B., Nagafuchi, Y., Shioji, E., Takahashi, K.: Security orchestration with a global threat intelligence platform. NTT Tech. Rev. 13, 1–6 (2015)
Luo, S., Salem, M.B.: Orchestration of software-defined security services. In: 2016 IEEE International Conference on Communications Workshops, ICC 2016, pp. 436–441 (2016)
Enterprise Strategy Group. https://www.esg-global.com/research/esg-research-report-cybersecurity-analytics-and-operations-in-transition. Accessed 25 Feb 2019
McAfee. https://www.mcafee.com/au/solutions/orchestration.aspx. Accessed 20 Oct 2017
Komand. https://www.komand.com/. Accessed 21 Oct 2017
Feitosa, E., Souto, E., Sadok, D.H.: An orchestration approach for unwanted internet traffic identification. Comput. Netw. 56, 2805–2831 (2012)
SIEMPLIFY. https://www.siemplify.co/security-orchestration-automation. Accessed 1 Nov 2017
SWIMLANE. https://swimlane.com/use-cases/security-orchestration-for-automated-defense/. Accessed 20 Nov 2017
Yu, T., Fayaz, S.K., Collins, M., Sekar, V., Seshan, S.: PSI: precise security instrumentation for enterprise networks. In: Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA (2017)
SWIMLANE. https://swimlane.com/ebook-sao-capabilities/. Accessed 20 Oct 2017
FireEye. https://www.fireeye.com/solutions/security-orchestrator.html. Accessed 11 Jan 2018
Microsoft. https://www.microsoft.com/en-us/windowsforbusiness/windows-atp. Accessed 21 Jan 2018
Crowley, C., Pescatore, J.: The Definition of SOC-cess? SANS 2018 Security Operations Center Survey. SANS (2018)
Evesti, A., Ovaska, E.: Ontology-based security adaptation at run-time. In: 2010 4th IEEE International Conference on Self-Adaptive and Self-Organizing Systems (SASO), pp. 204–212. IEEE (2010)
Syed, Z., Padia, A., Finin, T., Mathews, M.L., Joshi, A.: UCO: a unified cybersecurity ontology. In: AAAI Workshop: Artificial Intelligence for Cyber Security (2016)
Chauhan, M.A., Babar, M.A., Sheng, Q.Z.: A Reference architecture for provisioning of tools as a service: meta-model, ontologies and design elements. Future Gener. Comput. Syst. 69, 41–65 (2017)
Krauß, D., Thomalla, C.: Ontology-based detection of cyber-attacks to SCADA-systems in critical infrastructures. In: 2016 6th International Conference on Digital Information and Communication Technology and Its Applications, DICTAP 2016, pp. 70–73 (2016)
Dua, S., Du, X.: Data Mining and Machine Learning in Cybersecurity. Auerbach Publications, Boca Raton (2016)
Acknowledgment
This work is partially supported by Data61/CSIRO, Australia. We acknowledge the contributions of the shepherd reviewer Professor Andreas L. Opdahl from the University of Bergen, Norway who provided insightful comments with continuous engagement to improve the paper.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Islam, C., Babar, M.A., Nepal, S. (2019). Automated Interpretation and Integration of Security Tools Using Semantic Knowledge. In: Giorgini, P., Weber, B. (eds) Advanced Information Systems Engineering. CAiSE 2019. Lecture Notes in Computer Science(), vol 11483. Springer, Cham. https://doi.org/10.1007/978-3-030-21290-2_32
Download citation
DOI: https://doi.org/10.1007/978-3-030-21290-2_32
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-21289-6
Online ISBN: 978-3-030-21290-2
eBook Packages: Computer ScienceComputer Science (R0)