Generalising Event Correlation Across Multiple Domains

ABSTRACT

In cases involving computer related crime, event oriented evidence is coming under increased scrutiny. Automated methods of classifying events and patterns of events into higher level terminology and vocabulary hold promise for assisting investigators to cope with voluminous, low-level event oriented evidence. In a previous paper, it was demonstrated that the ontology language, OWL was an effective means of representing domain-specific event based knowledge, and when combined with a rule language, was sufficient to apply standard correlation techniques to the task of automated forensic investigation. This paper demonstrates the approach may be rapidly extended to events sourced from new domains, enabling automated cross-domain correlation and that the new approach will accommodate standardised component ontologies which model the separate domains under consideration.


AUTHORS

Information Security Institute, Queensland University of Technology, Brisbane
Australia

Bradley Schatz is a Doctoral student in the Information Security Institute at the Queensland University of Technology, Brisbane, Australia. His research focus is event correlation, computer forensics and knowledge representation. Bradley's professional experience is in software engineering, network security and systems management, in markets such as banking, entertainment, and health.

Information Security Institute, Queensland University of Technology, Brisbane
Australia

George Mohay is an Adjunct Professor in the Information Security Institute at the Queensland University of Technology, Brisbane, Australia where he had previously been Head of the School of Computing Science and Software Engineering from 1992 to 2002. His current research interests lie in the areas of computer security, intrusion detection, and computer forensics and he is currently involved as chief investigator in a number of related funded research projects such as one with Australia's DSTO (Defence Science and Technology Organization), He recently published book /Computer and Intrusion Forensics/ and is a program committee member for several international conferences in security including RAID, Recent Advances in Intrusion Detection.

Information Security Institute, Queensland University of Technology, Brisbane
Australia

Andrew Clark is a Senior Research Fellow with the Information Security Institute at Queensland University of Technology in Brisbane, Australia. His research interests are in the area of network security, in particular intrusion detection and network forensics and he supervises a number of postgraduate research students in these areas. He is also involved in numerous collaborative research and consulting activities in the security area with industry partners from the government and corporate sectors.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

P

PDA

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com