Our Publications
Here you find our publications.
2019
Dernaika, Farah; Cuppens-Boulahia, Nora; Cuppens, Frédéric; Raynaud, Olivier
Semantic mediation for a posteriori log analysis (Journal Article)
In: ACM International Conference Proceeding Series, 2019, ISBN: 9781450371643.
@article{Dernaika2019,
title = {Semantic mediation for a posteriori log analysis},
author = {Farah Dernaika and Nora Cuppens-Boulahia and Fr\'{e}d\'{e}ric Cuppens and Olivier Raynaud},
doi = {10.1145/3339252.3340104},
isbn = {9781450371643},
year = {2019},
date = {2019-01-01},
journal = {ACM International Conference Proceeding Series},
abstract = {The a posteriori access control mode consists in monitoring actions performed by users, to detect possible violations of the security policy and to apply sanctions or reparations. In general, logs are among the first data sources that information security specialists consult for forensics when they suspect that something went wrong. One difficult challenge we face when analyzing logs is the multiple log file formats. However, normalizing logs in one format needs a lot of processing, especially because log files usually contain a high volume of data. Our study proposes then to tackle this problem by leaving the different log formats as they are, and retrieving information from logs by querying them. A semantic mediator makes it possible to inter-operate various sources of information without modifying their internal functioning. It can be responsible for locating data sources, transmitting queries to each source, or from one source to another, retrieving the queries' responses and possibly sending them back to other sources. To the best of our knowledge, semantic mediation techniques have been used to share information from heterogeneous data sources, but they were never used in the context of log analysis.},
keywords = {Access Policy, Logs, Query Rewriting, Semantic Mediation},
pubstate = {published},
tppubtype = {article}
}