Abstract
In this paper we discuss applying methods and techniques of the semantic web to intrusion detection systems. We study the use of an ontology in a distributed intrusion detection system for extracting semantic relations between computer attacks and intrusions. We used the Protégé software to build an ontology that specifies computer attacks and intrusions. Our distributed intrusion detection system is a network containing several systems, each with its own individual intrusion detection system, and a special central system that holds our proposed attack ontology. Whenever any system detects an attack or a new suspicious situation, it sends a detection report to the central system. With this ontology the central system can extract the semantic relationships among the computer attacks and suspicious situations in the network, decide about them better, and consequently reduce the false positive and false negative rates of the intrusion detection systems.
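The following is an added illustration, not code from the paper or its Protégé ontology: a small is-a attack hierarchy stands in for the attack ontology, and a central correlator relates detection reports from several node-level IDS sensors through their most specific common class. The class names, the node names, the sample reports and the confidence thresholds are all constructed assumptions; the paper's actual ontology and decision rules are not reproduced here.

```python
"""
Central correlator for a distributed IDS, driven by a toy attack ontology.
Added example; the ontology and reports below are constructed, not the paper's.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ROOT = "Attack"

# Constructed is-a hierarchy: child class -> parent class (assumption, not the
# paper's Protégé ontology).
IS_A: Dict[str, str] = {
    "SynFlood": "DoS",
    "UdpFlood": "DoS",
    "DoS": ROOT,
    "PortScan": "Probe",
    "PingSweep": "Probe",
    "Probe": ROOT,
    "BufferOverflow": "U2R",
    "U2R": ROOT,
}


def ancestors(attack: str) -> List[str]:
    """Path from a class up to the ontology root, most specific first."""
    path = [attack]
    while path[-1] in IS_A:
        path.append(IS_A[path[-1]])
    return path


def common_ancestor(classes: List[str]) -> Optional[str]:
    """Most specific class shared by all given classes; None if they share
    nothing more specific than the root (or a class is unknown)."""
    if not classes:
        return None
    for cls in ancestors(classes[0]):
        if all(cls in ancestors(other) for other in classes[1:]):
            return None if cls == ROOT else cls
    return None


@dataclass(frozen=True)
class Report:
    node: str          # node-level IDS that produced the report
    attack: str        # ontology class the node assigned
    source: str        # suspected source address as seen by that node
    confidence: float  # the node's own confidence, 0..1


@dataclass(frozen=True)
class Decision:
    source: str
    category: str
    verdict: str       # "confirmed" or "suspected"
    confidence: float
    nodes: Tuple[str, ...]


def combine(confidences: List[float]) -> float:
    """Noisy-OR: independent corroborating reports raise overall confidence."""
    miss = 1.0
    for c in confidences:
        miss *= 1.0 - c
    return round(1.0 - miss, 3)


def correlate(reports: List[Report], single_threshold: float = 0.8) -> List[Decision]:
    """Group reports by suspected source; corroborated, semantically related
    reports from distinct nodes become confirmed alerts, lone weak reports
    stay suspected instead of being raised (fewer false positives)."""
    by_source: Dict[str, List[Report]] = {}
    for r in reports:
        by_source.setdefault(r.source, []).append(r)
    decisions: List[Decision] = []
    for source, group in sorted(by_source.items()):
        nodes = tuple(sorted({r.node for r in group}))
        shared = common_ancestor([r.attack for r in group])
        conf = combine([r.confidence for r in group])
        if len(nodes) >= 2 and shared is not None:
            decisions.append(Decision(source, shared, "confirmed", conf, nodes))
        elif len(group) == 1 and group[0].confidence >= single_threshold:
            decisions.append(Decision(source, group[0].attack, "confirmed", conf, nodes))
        else:
            category = shared or (group[0].attack if len(group) == 1 else ROOT)
            decisions.append(Decision(source, category, "suspected", conf, nodes))
    return decisions


# Constructed sample reports from five node-level sensors.
SAMPLE_REPORTS = [
    Report("node-A", "PortScan", "10.0.0.5", 0.4),
    Report("node-B", "PingSweep", "10.0.0.5", 0.5),   # related to the PortScan via Probe
    Report("node-C", "SynFlood", "10.0.0.9", 0.3),
    Report("node-D", "UdpFlood", "10.0.0.9", 0.6),    # related to the SynFlood via DoS
    Report("node-E", "PortScan", "10.0.0.7", 0.3),    # lone weak report
    Report("node-A", "BufferOverflow", "10.0.0.11", 0.9),  # lone but strong
    Report("node-B", "SynFlood", "10.0.0.13", 0.5),
    Report("node-C", "PortScan", "10.0.0.13", 0.5),   # unrelated classes
]

if __name__ == "__main__":
    for d in correlate(SAMPLE_REPORTS):
        print(f"{d.source:10} {d.verdict:9} {d.category:14} {d.confidence:.2f} {d.nodes}")
```

Two reports that differ at the leaf (PortScan and PingSweep) but meet under Probe are treated as one corroborated event, which is the kind of semantic relation the central ontology is meant to expose; a single low-confidence report is held rather than alerted, and two reports that share nothing below the root are held as well.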
Copyright information
© 2008 Springer Science+Business Media B.V.
About this paper
Cite this paper
Abdoli, F., Kahani, M. (2008). Using Attacks Ontology in Distributed Intrusion Detection System. In: Sobh, T. (eds) Advances in Computer and Information Sciences and Engineering. Springer, Dordrecht. https://doi.org/10.1007/978-1-4020-8741-7_28
DOI: https://doi.org/10.1007/978-1-4020-8741-7_28
Publisher Name: Springer, Dordrecht
Print ISBN: 978-1-4020-8740-0
Online ISBN: 978-1-4020-8741-7
eBook Packages: Computer Science, Computer Science (R0)