M2D2: A Formal Data Model for IDS Alert Correlation


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2002

AUTHORS

Benjamin Morin , Ludovic Mé , Hervé Debar , Mireille Ducassé

ABSTRACT

At present, alert correlation techniques do not make full use of the information that is available. We propose a data model for IDS alert correlation called M2D2. It supplies four information types: information related to the characteristics of the monitored information system, information about the vulnerabilities, information about the security tools used for the monitoring, and information about the events observed. M2D2 is formally defined. As far as we know, no other formal model includes the vulnerability and alert parts of M2D2. Three examples of correlations are given. They are rigorously specified using the formal definition of M2D2. As opposed to already published correlation methods, these examples use more than the events generated by security tools; they make use of many concepts formalized in M2D2.

PAGES

115-137

References to SciGraph publications

  • 2001-09-27. Aggregation and Correlation of Intrusion-Detection Alerts in RECENT ADVANCES IN INTRUSION DETECTION
  • 2000. LAMBDA: A Language to Model a Database for Detection of Attacks in RECENT ADVANCES IN INTRUSION DETECTION
  • Book

    TITLE

    Recent Advances in Intrusion Detection

    ISBN

    978-3-540-00020-4
    978-3-540-36084-1

    Author Affiliations

    Identifiers

    URI

    http://scigraph.springernature.com/pub.10.1007/3-540-36084-0_7

    DOI

    http://dx.doi.org/10.1007/3-540-36084-0_7

    DIMENSIONS

    https://app.dimensions.ai/details/publication/pub.1019349336


    JSON-LD is the canonical representation for SciGraph data.

    [
      {
        "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
        "about": [
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0806", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Information Systems", 
            "type": "DefinedTerm"
          }, 
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Information and Computing Sciences", 
            "type": "DefinedTerm"
          }
        ], 
        "author": [
          {
            "affiliation": {
              "alternateName": "Orange (France)", 
              "id": "https://www.grid.ac/institutes/grid.89485.38", 
              "name": [
                "France T\u00e9l\u00e9com R&D, Caen, France"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Morin", 
            "givenName": "Benjamin", 
            "id": "sg:person.013114004075.10", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013114004075.10"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "Sup\u00e9lec", 
              "id": "https://www.grid.ac/institutes/grid.424471.0", 
              "name": [
                "Sup\u00e9lec, Rennes, France"
              ], 
              "type": "Organization"
            }, 
            "familyName": "M\u00e9", 
            "givenName": "Ludovic", 
            "id": "sg:person.07761036762.44", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07761036762.44"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "Orange (France)", 
              "id": "https://www.grid.ac/institutes/grid.89485.38", 
              "name": [
                "France T\u00e9l\u00e9com R&D, Caen, France"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Debar", 
            "givenName": "Herv\u00e9", 
            "id": "sg:person.016303555143.12", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016303555143.12"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "name": [
                "IRISA/INSA, Rennes, France"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Ducass\u00e9", 
            "givenName": "Mireille", 
            "id": "sg:person.010214413243.65", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010214413243.65"
            ], 
            "type": "Person"
          }
        ], 
        "citation": [
          {
            "id": "sg:pub.10.1007/3-540-39945-3_13", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1007204231", 
              "https://doi.org/10.1007/3-540-39945-3_13"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-45474-8_6", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1028240787", 
              "https://doi.org/10.1007/3-540-45474-8_6"
            ], 
            "type": "CreativeWork"
          }
        ], 
        "datePublished": "2002", 
        "datePublishedReg": "2002-01-01", 
        "description": "At present, alert correlation techniques do not make full use of the information that is available. We propose a data model for IDS alert correlation called M2D2. It supplies four information types: information related to the characteristics of the monitored information system, information about the vulnerabilities, information about the security tools used for the monitoring, and information about the events observed. M2D2 is formally defined. As far as we know, no other formal model includes the vulnerability and alert parts of M2D2. Three examples of correlations are given. They are rigorously specified using the formal definition of M2D2. As opposed to already published correlation methods, these examples use more than the events generated by security tools; they make use of many concepts formalized in M2D2.", 
        "editor": [
          {
            "familyName": "Wespi", 
            "givenName": "Andreas", 
            "type": "Person"
          }, 
          {
            "familyName": "Vigna", 
            "givenName": "Giovanni", 
            "type": "Person"
          }, 
          {
            "familyName": "Deri", 
            "givenName": "Luca", 
            "type": "Person"
          }
        ], 
        "genre": "chapter", 
        "id": "sg:pub.10.1007/3-540-36084-0_7", 
        "inLanguage": [
          "en"
        ], 
        "isAccessibleForFree": true, 
        "isPartOf": {
          "isbn": [
            "978-3-540-00020-4", 
            "978-3-540-36084-1"
          ], 
          "name": "Recent Advances in Intrusion Detection", 
          "type": "Book"
        }, 
        "name": "M2D2: A Formal Data Model for IDS Alert Correlation", 
        "pagination": "115-137", 
        "productId": [
          {
            "name": "doi", 
            "type": "PropertyValue", 
            "value": [
              "10.1007/3-540-36084-0_7"
            ]
          }, 
          {
            "name": "readcube_id", 
            "type": "PropertyValue", 
            "value": [
              "5c3137c2fd81e097232f90af41d94e6c49e9da8cff95234704849e5df1e8c94d"
            ]
          }, 
          {
            "name": "dimensions_id", 
            "type": "PropertyValue", 
            "value": [
              "pub.1019349336"
            ]
          }
        ], 
        "publisher": {
          "location": "Berlin, Heidelberg", 
          "name": "Springer Berlin Heidelberg", 
          "type": "Organisation"
        }, 
        "sameAs": [
          "https://doi.org/10.1007/3-540-36084-0_7", 
          "https://app.dimensions.ai/details/publication/pub.1019349336"
        ], 
        "sdDataset": "chapters", 
        "sdDatePublished": "2019-04-15T14:24", 
        "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
        "sdPublisher": {
          "name": "Springer Nature - SN SciGraph project", 
          "type": "Organization"
        }, 
        "sdSource": "s3://com-uberresearch-data-dimensions-target-20181106-alternative/cleanup/v134/2549eaecd7973599484d7c17b260dba0a4ecb94b/merge/v9/a6c9fde33151104705d4d7ff012ea9563521a3ce/jats-lookup/v90/0000000001_0000000264/records_8669_00000255.jsonl", 
        "type": "Chapter", 
        "url": "http://link.springer.com/10.1007/3-540-36084-0_7"
      }
    ]
     


    HOW TO GET THIS DATA PROGRAMMATICALLY:

    JSON-LD is a popular format for linked data which is fully compatible with JSON.

    curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/3-540-36084-0_7'

    N-Triples is a line-based linked data format ideal for batch operations.

    curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/3-540-36084-0_7'

    Turtle is a human-readable linked data format.

    curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/3-540-36084-0_7'

    RDF/XML is a standard XML format for linked data.

    curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/3-540-36084-0_7'


     

    This table displays all metadata directly associated to this object as RDF triples.

    109 TRIPLES      23 PREDICATES      29 URIs      20 LITERALS      8 BLANK NODES

    Subject Predicate Object
    1 sg:pub.10.1007/3-540-36084-0_7 schema:about anzsrc-for:08
    2 anzsrc-for:0806
    3 schema:author Ncc1dd725de7d4ddca1e60af78a068771
    4 schema:citation sg:pub.10.1007/3-540-39945-3_13
    5 sg:pub.10.1007/3-540-45474-8_6
    6 schema:datePublished 2002
    7 schema:datePublishedReg 2002-01-01
    8 schema:description At present, alert correlation techniques do not make full use of the information that is available. We propose a data model for IDS alert correlation called M2D2. It supplies four information types: information related to the characteristics of the monitored information system, information about the vulnerabilities, information about the security tools used for the monitoring, and information about the events observed. M2D2 is formally defined. As far as we know, no other formal model includes the vulnerability and alert parts of M2D2. Three examples of correlations are given. They are rigorously specified using the formal definition of M2D2. As opposed to already published correlation methods, these examples use more than the events generated by security tools; they make use of many concepts formalized in M2D2.
    9 schema:editor N2ec837b1e15648d2909141466e142c65
    10 schema:genre chapter
    11 schema:inLanguage en
    12 schema:isAccessibleForFree true
    13 schema:isPartOf N0c47172ae70c41c8954ea0d429c18620
    14 schema:name M2D2: A Formal Data Model for IDS Alert Correlation
    15 schema:pagination 115-137
    16 schema:productId N75058599d80c41cbbaace68cbd54bfc0
    17 N80f55350c0524df9912b36ed3aee88e2
    18 Nf3f0150a7bd04553bfd41ce52eb3ccd9
    19 schema:publisher N0e19d428b4e442069b66858ecfed7bd0
    20 schema:sameAs https://app.dimensions.ai/details/publication/pub.1019349336
    21 https://doi.org/10.1007/3-540-36084-0_7
    22 schema:sdDatePublished 2019-04-15T14:24
    23 schema:sdLicense https://scigraph.springernature.com/explorer/license/
    24 schema:sdPublisher N4ebbaed5e06f422eabd7a4e25944fab5
    25 schema:url http://link.springer.com/10.1007/3-540-36084-0_7
    26 sgo:license sg:explorer/license/
    27 sgo:sdDataset chapters
    28 rdf:type schema:Chapter
    29 N0767f9f0ab5347a182e3f904f0075f61 rdf:first sg:person.07761036762.44
    30 rdf:rest N391720609e43451eae21e8bebbdc5efd
    31 N0c47172ae70c41c8954ea0d429c18620 schema:isbn 978-3-540-00020-4
    32 978-3-540-36084-1
    33 schema:name Recent Advances in Intrusion Detection
    34 rdf:type schema:Book
    35 N0e19d428b4e442069b66858ecfed7bd0 schema:location Berlin, Heidelberg
    36 schema:name Springer Berlin Heidelberg
    37 rdf:type schema:Organisation
    38 N2ec837b1e15648d2909141466e142c65 rdf:first Nc57a39dbee804194ae746b07fe576dd1
    39 rdf:rest N9ce34e857d3a477da8ee0db00fff9013
    40 N391720609e43451eae21e8bebbdc5efd rdf:first sg:person.016303555143.12
    41 rdf:rest Nc9f352006c33401586ffacb43987af9e
    42 N4ebbaed5e06f422eabd7a4e25944fab5 schema:name Springer Nature - SN SciGraph project
    43 rdf:type schema:Organization
    44 N6f96cc8075804e73a394e5c13fb20a27 schema:familyName Vigna
    45 schema:givenName Giovanni
    46 rdf:type schema:Person
    47 N75058599d80c41cbbaace68cbd54bfc0 schema:name dimensions_id
    48 schema:value pub.1019349336
    49 rdf:type schema:PropertyValue
    50 N80f55350c0524df9912b36ed3aee88e2 schema:name readcube_id
    51 schema:value 5c3137c2fd81e097232f90af41d94e6c49e9da8cff95234704849e5df1e8c94d
    52 rdf:type schema:PropertyValue
    53 N9cd9b311615c4ef8bda67f26fc60b73d rdf:first Nee0cd529cfb84ec3bb5ac0fa92e8d03d
    54 rdf:rest rdf:nil
    55 N9ce34e857d3a477da8ee0db00fff9013 rdf:first N6f96cc8075804e73a394e5c13fb20a27
    56 rdf:rest N9cd9b311615c4ef8bda67f26fc60b73d
    57 Na5627e2e73ab42d0aaa6fd9d352341b1 schema:name IRISA/INSA, Rennes, France
    58 rdf:type schema:Organization
    59 Nc57a39dbee804194ae746b07fe576dd1 schema:familyName Wespi
    60 schema:givenName Andreas
    61 rdf:type schema:Person
    62 Nc9f352006c33401586ffacb43987af9e rdf:first sg:person.010214413243.65
    63 rdf:rest rdf:nil
    64 Ncc1dd725de7d4ddca1e60af78a068771 rdf:first sg:person.013114004075.10
    65 rdf:rest N0767f9f0ab5347a182e3f904f0075f61
    66 Nee0cd529cfb84ec3bb5ac0fa92e8d03d schema:familyName Deri
    67 schema:givenName Luca
    68 rdf:type schema:Person
    69 Nf3f0150a7bd04553bfd41ce52eb3ccd9 schema:name doi
    70 schema:value 10.1007/3-540-36084-0_7
    71 rdf:type schema:PropertyValue
    72 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
    73 schema:name Information and Computing Sciences
    74 rdf:type schema:DefinedTerm
    75 anzsrc-for:0806 schema:inDefinedTermSet anzsrc-for:
    76 schema:name Information Systems
    77 rdf:type schema:DefinedTerm
    78 sg:person.010214413243.65 schema:affiliation Na5627e2e73ab42d0aaa6fd9d352341b1
    79 schema:familyName Ducassé
    80 schema:givenName Mireille
    81 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010214413243.65
    82 rdf:type schema:Person
    83 sg:person.013114004075.10 schema:affiliation https://www.grid.ac/institutes/grid.89485.38
    84 schema:familyName Morin
    85 schema:givenName Benjamin
    86 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013114004075.10
    87 rdf:type schema:Person
    88 sg:person.016303555143.12 schema:affiliation https://www.grid.ac/institutes/grid.89485.38
    89 schema:familyName Debar
    90 schema:givenName Hervé
    91 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016303555143.12
    92 rdf:type schema:Person
    93 sg:person.07761036762.44 schema:affiliation https://www.grid.ac/institutes/grid.424471.0
    94 schema:familyName Mé
    95 schema:givenName Ludovic
    96 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07761036762.44
    97 rdf:type schema:Person
    98 sg:pub.10.1007/3-540-39945-3_13 schema:sameAs https://app.dimensions.ai/details/publication/pub.1007204231
    99 https://doi.org/10.1007/3-540-39945-3_13
    100 rdf:type schema:CreativeWork
    101 sg:pub.10.1007/3-540-45474-8_6 schema:sameAs https://app.dimensions.ai/details/publication/pub.1028240787
    102 https://doi.org/10.1007/3-540-45474-8_6
    103 rdf:type schema:CreativeWork
    104 https://www.grid.ac/institutes/grid.424471.0 schema:alternateName Supélec
    105 schema:name Supélec, Rennes, France
    106 rdf:type schema:Organization
    107 https://www.grid.ac/institutes/grid.89485.38 schema:alternateName Orange (France)
    108 schema:name France Télécom R&D, Caen, France
    109 rdf:type schema:Organization