
Using Attacks Ontology in Distributed Intrusion Detection System

  • Conference paper
Advances in Computer and Information Sciences and Engineering

Abstract

In this paper we discuss the use of semantic web methods and techniques in Intrusion Detection Systems. We study the use of an ontology in a Distributed Intrusion Detection System for extracting semantic relations between computer attacks and intrusions. We used the Protégé software to build an ontology specifying computer attacks and intrusions. Our Distributed Intrusion Detection System is a network containing several systems, each with its own individual Intrusion Detection System, and a special central system that contains our proposed attacks ontology. Whenever any system detects an attack or a new suspected situation, it sends a detection report to the central system. With this ontology the central system can extract the semantic relationships among computer attacks and suspected situations in the network, so it can decide about them better and consequently reduce the rate of false positives and false negatives in Intrusion Detection Systems.
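The abstract describes the architecture only in prose: per-host IDS agents forward detection reports to a central system, which uses the attacks ontology to relate reports from different hosts before deciding whether a suspected situation is real. The following is an added example, not code from the paper or from the authors, of what that central decision step can look like. The ontology (a hand-built is-a hierarchy plus a "typically precedes" relation between attack phases), the attack class names, the confidence threshold and the sample reports are all assumptions chosen for illustration; the paper's actual Protégé ontology is not shown on this page.

```python
"""Toy central correlator for a distributed IDS driven by an attack ontology.

Added example, not the paper's own code. The ontology below is a plain Python
stand-in for the Protégé/OWL ontology the abstract mentions; every class name,
relation, threshold and sample report is an assumption made for this example.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed attack ontology: each class maps to its parent (the is-a relation).
ONTOLOGY_IS_A = {
    "Attack": None,
    "Reconnaissance": "Attack",
    "PortScan": "Reconnaissance",
    "ServiceProbe": "Reconnaissance",
    "DenialOfService": "Attack",
    "SynFlood": "DenialOfService",
    "Exploitation": "Attack",
    "BufferOverflow": "Exploitation",
}

# Assumed "typically precedes" relation between attack phases (children of Attack).
ONTOLOGY_PRECEDES = {
    "Reconnaissance": {"Exploitation", "DenialOfService"},
    "Exploitation": set(),
    "DenialOfService": set(),
}

# Assumed: a lone report at or above this local confidence is accepted as-is.
CONFIRM_THRESHOLD = 0.8


@dataclass(frozen=True)
class Report:
    host: str          # sensor (host IDS) that produced the report
    source: str        # suspected attacking address, as seen by that sensor
    attack_class: str  # ontology class the local IDS assigned
    confidence: float  # local IDS confidence in the range 0..1


def ancestors(cls):
    """Return cls and all its ancestors up the is-a chain, most specific first."""
    chain = []
    while cls is not None:
        chain.append(cls)
        cls = ONTOLOGY_IS_A[cls]
    return chain


def is_a(cls, parent):
    """True if cls is parent or a (transitive) subclass of it."""
    return parent in ancestors(cls)


def phase(cls):
    """The direct child of 'Attack' that cls falls under, i.e. its attack phase."""
    chain = ancestors(cls)
    return chain[-2] if len(chain) >= 2 else None


def semantically_related(a, b):
    """Two reports are related if they share a phase or one phase precedes the other."""
    pa, pb = phase(a.attack_class), phase(b.attack_class)
    if pa is None or pb is None:
        return False
    return (pa == pb
            or pb in ONTOLOGY_PRECEDES.get(pa, set())
            or pa in ONTOLOGY_PRECEDES.get(pb, set()))


def central_decision(reports):
    """Group reports by suspected source and decide per source.

    A report is confirmed if its own confidence is high, or if a semantically
    related report about the same source came from a *different* host
    (corroboration through the ontology). A source with no confirmed report
    is suppressed as a probable false positive.
    """
    by_source = defaultdict(list)
    for r in reports:
        by_source[r.source].append(r)

    verdicts = {}
    for source, rs in by_source.items():
        confirmed = []
        for r in rs:
            corroborated = any(
                other.host != r.host and semantically_related(r, other)
                for other in rs if other is not r
            )
            if r.confidence >= CONFIRM_THRESHOLD or corroborated:
                confirmed.append(r)
        verdicts[source] = {
            "status": "confirmed" if confirmed else "suppressed",
            "phases": sorted({phase(r.attack_class) for r in confirmed}),
            "hosts": sorted({r.host for r in confirmed}),
        }
    return verdicts


# Constructed sample reports from three hypothetical host IDSs.
SAMPLE_REPORTS = [
    Report("h1", "10.0.0.5", "PortScan", 0.4),        # low confidence alone
    Report("h2", "10.0.0.5", "SynFlood", 0.5),        # related phase, other host
    Report("h3", "10.0.0.9", "PortScan", 0.3),        # same host twice: no
    Report("h3", "10.0.0.9", "ServiceProbe", 0.3),    #   cross-host corroboration
    Report("h1", "10.0.0.7", "BufferOverflow", 0.95), # high confidence alone
]


def sample_verdicts():
    return central_decision(SAMPLE_REPORTS)


if __name__ == "__main__":
    for src, v in sample_verdicts().items():
        print(src, v)
```

The two low-confidence reports about 10.0.0.5 would each be discarded by a stand-alone IDS, but the ontology relates reconnaissance to a following denial-of-service phase, so the central system confirms both (a false negative avoided); the two reports about 10.0.0.9 come from one host and stay suppressed (a false positive avoided). Requiring corroboration from a different host is a design choice so that one misconfigured sensor cannot confirm itself.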




© 2008 Springer Science+Business Media B.V.

About this paper

Cite this paper

Abdoli, F., Kahani, M. (2008). Using Attacks Ontology in Distributed Intrusion Detection System. In: Sobh, T. (eds) Advances in Computer and Information Sciences and Engineering. Springer, Dordrecht. https://doi.org/10.1007/978-1-4020-8741-7_28


  • DOI: https://doi.org/10.1007/978-1-4020-8741-7_28

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-1-4020-8740-0

  • Online ISBN: 978-1-4020-8741-7
