Beschreibung
The steadily growing complex IT infrastructure is required to be monitored by a diversity of sensors. These sensors can transmit events to security information and event management (SIEM) systems for the purpose of identifying IT incidents by using event correlation mechanisms. Several open problems in current enterprise SIEM systems with respect to their event correlation are discussed. An advanced event correlation using a special kind of soft pattern matching in conjunction with ontological background knowledge and a probabilistic post processing by conditional random fields is proposed to address these problems. It is shown that this approach improves the detection accuracy by detecting incident variations or even unknown incidents in contrast to currently applied rule-based correlations.
