Towards Ontology-Based Intelligent Model for Intrusion Detection and Prevention
DOI: 10.1007/978-3-642-04091-7_14 Conference: Computational Intelligence in Security for Information Systems - CISIS'09, 2nd International Workshop, Burgos, Spain, 23-26 September 2009 Proceedings
Nowadays, new intelligent techniques are being used to improve the intrusion detection process in distributed environments.
This paper presents an approach to defining an ontology model for representing intrusion detection and prevention events, as
well as a hybrid intelligent system based on clustering and Artificial Neural Networks for classification and pattern recognition.
We have specified attack signatures, reaction rules, assertions and axioms using the Ontology Web Language with Description Logic (OWL-DL),
with event communication and correlation integrated into Multi-Agent Systems, incorporating supervised and unsupervised models
and generating intelligent reasoning.
Keywords: Ontology; Intelligence Security; Intrusion Prevention; Multi-agent systems
01/2010; 42:106-110. DOI:10.2478/v10143-010-0050-6
ABSTRACT: This paper proposes an ontology model for representing intrusion detection events and prevention rules, integrating multi-agent
systems based on unsupervised and supervised techniques for classification, correlation and pattern recognition. The semantic
model describes attack signatures, reaction tasks and axioms, with alert communication and correlation; furthermore, we have
developed a prevention architecture integrated with other security tools. This article focuses on the approach to incorporating
semantic operations that facilitate the alert correlation process and provide inference and reasoning over the ontology model.
Information Security and Assurance - 4th International Conference, ISA 2010, Miyazaki, Japan, June 23-25, 2010. Proceedings; 01/2010
ABSTRACT: Network forensics is an after-the-fact process that investigates malicious activities conducted over computer networks by gathering useful intelligence. Recently, several machine learning techniques have been proposed to automate and develop intelligent network forensics systems. An intelligent network forensics system that reconstructs intrusion scenarios and makes attack attributions requires knowledge about intrusion signatures, evidence, impacts, and objectives. In addition, problem-solving knowledge that describes how the system can use domain knowledge to analyze malicious activities is essential for the design of intelligent network forensics systems. In this paper we adapt recent research in the semantic web, information architecture, and ontology engineering to design a method ontology for network forensics analysis. The proposed ontology represents both network forensics domain knowledge and problem-solving knowledge. It can be used as a knowledge base for developing sophisticated intelligent network forensics systems that support complex chains of reasoning. We use a real-life network intrusion scenario to show how our ontology can be integrated into and used by intelligent network forensics systems.