Conference Paper

Towards Ontology-Based Intelligent Model for Intrusion Detection and Prevention.

DOI: 10.1007/978-3-642-04091-7_14 Conference: Computational Intelligence in Security for Information Systems - CISIS'09, 2nd International Workshop, Burgos, Spain, 23-26 September 2009 Proceedings
Source: DBLP

ABSTRACT: Nowadays, new intelligent techniques are being used to improve the intrusion detection process in distributed environments.
This paper presents an approach to defining an ontology model for representing intrusion detection and prevention events, as
well as a hybrid intelligent system based on clustering and Artificial Neuronal Networks for classification and pattern recognition.
We have specified attack signatures, reaction rules, assertions and axioms using the Web Ontology Language with Description Logic (OWL-DL),
with event communication and correlation integrated into Multi-Agent Systems, incorporating supervised and unsupervised models
and generating intelligent reasoning.

Keywords: Ontology, Intelligence Security, Intrusion Prevention, Multi-agent systems

  • Source: 01/2010; 42:106-110. DOI:10.2478/v10143-010-0050-6
  • ABSTRACT: This paper proposes an ontology model for representing intrusion detection events and prevention rules, integrating multiagent systems based on unsupervised and supervised techniques for classification, correlation and pattern recognition. The semantic model describes attack signatures, reaction tasks and axioms, together with alert communication and correlation; in addition, we have developed the prevention architecture integrated with other security tools. This article focuses on the approach to incorporating semantic operations that facilitate the alert correlation process and provide inference and reasoning over the ontology model.
    Information Security and Assurance - 4th International Conference, ISA 2010, Miyazaki, Japan, June 23-25, 2010. Proceedings; 01/2010
  • ABSTRACT: Network forensics is an after-the-fact process for investigating malicious activities conducted over computer networks by gathering useful intelligence. Recently, several machine learning techniques have been proposed to automate and develop intelligent network forensics systems. An intelligent network forensics system that reconstructs intrusion scenarios and makes attack attributions requires knowledge about intrusion signatures, evidence, impacts, and objectives. In addition, problem-solving knowledge that describes how the system can use domain knowledge to analyze malicious activities is essential for the design of intelligent network forensics systems. In this paper we adapt recent research in the semantic web, information architecture, and ontology engineering to design a method ontology for network forensics analysis. The proposed ontology represents both network forensics domain knowledge and problem-solving knowledge. It can be used as a knowledge base for developing sophisticated intelligent network forensics systems that support complex chains of reasoning. We use a real-life network intrusion scenario to show how our ontology can be integrated and used in intelligent network forensics systems.
    PST; 01/2010