Towards Ontology-Based Intelligent Model for Intrusion Detection and Prevention

  • Gustavo Isaza
  • Andrés Castillo
  • Manuel López
  • Luis Castillo
Conference paper
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 63)


Intelligent techniques are increasingly used to improve intrusion detection in distributed environments. This paper presents an ontology model for representing intrusion detection and prevention events, together with a hybrid intelligent system that combines clustering and Artificial Neural Networks for classification and pattern recognition. We specify attack signatures, reaction rules, assertions and axioms in the Web Ontology Language with Description Logic (OWL-DL); event communication and correlation are integrated into a Multi-Agent System that incorporates both supervised and unsupervised models and reasons over the ontology.


Keywords: Ontology, Intelligence, Security, Intrusion Prevention, Multi-agent systems
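The abstract describes three pieces that work together: an ontology whose classes and axioms model events, signatures and reaction rules; signature-based reasoning that asserts an attack class for an event and picks a reaction; and an unsupervised stage that labels events no signature covers. The following is an added toy illustration of that pipeline, written for this page and not taken from the paper or its implementation. The class hierarchy, signatures, reaction rules, feature vector and sample events are all constructed assumptions; the dictionary-based subsumption check stands in for an OWL-DL reasoner, and plain k-means stands in for the paper's clustering and neural-network stage.

```python
# Added example (not the paper's code): toy ontology-driven intrusion reasoning.
# Classes, signatures and reaction rules are stand-ins for OWL-DL axioms; the
# k-means step gives an unsupervised label to events that no signature matched.
from dataclasses import dataclass
import math

# Class hierarchy: subclass -> superclass (one SubClassOf axiom per entry). Assumed.
SUBCLASS_OF = {
    "PortScan": "Reconnaissance",
    "Reconnaissance": "Attack",
    "SqlInjection": "WebAttack",
    "WebAttack": "Attack",
    "Attack": "Event",
    "Benign": "Event",
}

def is_a(cls, ancestor):
    """Transitive subsumption: does cls sit under ancestor in the hierarchy?"""
    while cls is not None:
        if cls == ancestor:
            return True
        cls = SUBCLASS_OF.get(cls)
    return False

@dataclass(frozen=True)
class Event:
    src: str
    dport: int
    payload: str
    distinct_ports: int  # ports probed by src within the observation window

# Signatures (assumed individuals): name, matcher, class the event is asserted into.
SIGNATURES = [
    ("sig-portscan", lambda e: e.distinct_ports >= 20, "PortScan"),
    ("sig-sqli", lambda e: e.dport in (80, 443) and "' or 1=1" in e.payload.lower(), "SqlInjection"),
]

# Reaction rules keyed by class; the most specific applicable class wins. Assumed.
REACTIONS = {
    "Attack": "alert",
    "Reconnaissance": "rate-limit-source",
    "WebAttack": "block-source",
}

def reaction_for(cls):
    """Walk up from cls and return the first reaction rule that applies."""
    while cls is not None:
        if cls in REACTIONS:
            return REACTIONS[cls]
        cls = SUBCLASS_OF.get(cls)
    return "none"

def classify(event):
    """Assert the event's class from the first matching signature; returns (class, reaction)."""
    for _name, matcher, cls in SIGNATURES:
        if matcher(event):
            return cls, reaction_for(cls)
    return "Event", reaction_for("Event")  # nothing asserted beyond the top class

# --- unsupervised stage: k-means over a small feature vector for unmatched events ---
def features(e):
    """Assumed feature vector: log port fan-out, log payload length, privileged-port flag."""
    return [math.log1p(e.distinct_ports), math.log1p(len(e.payload)), 1.0 if e.dport < 1024 else 0.0]

def kmeans(points, k=2, iters=20):
    """Plain Lloyd's k-means; centroids seeded from the first k points."""
    centroids = [list(p) for p in points[:k]]
    assign = [0] * len(points)
    for _ in range(iters):
        for i, p in enumerate(points):
            assign[i] = min(range(k), key=lambda c: sum((a - b) ** 2 for a, b in zip(p, centroids[c])))
        for c in range(k):
            members = [points[i] for i in range(len(points)) if assign[i] == c]
            if members:
                centroids[c] = [sum(col) / len(members) for col in zip(*members)]
    return assign, centroids

def label_unmatched(events):
    """Cluster events no signature matched; the minority cluster is flagged as suspicious."""
    unmatched = [e for e in events if classify(e)[0] == "Event"]
    if len(unmatched) < 2:
        return {}
    assign, _ = kmeans([features(e) for e in unmatched])
    minority = min(set(assign), key=assign.count)
    return {e: ("Suspicious" if a == minority else "Benign") for e, a in zip(unmatched, assign)}

# Constructed sample traffic, not captured data.
SAMPLE_EVENTS = [
    Event("10.0.0.5", 22, "", 40),                  # port scan
    Event("10.0.0.7", 80, "id=1' OR 1=1 --", 1),    # SQL injection probe
    Event("10.0.0.8", 443, "GET /index.html", 1),   # ordinary web requests
    Event("10.0.0.9", 443, "GET /about", 1),
    Event("10.0.0.10", 8080, "GET /api/v1/status", 1),
    Event("10.0.0.11", 445, "x" * 900, 12),         # unmatched but unusual: large payload, fan-out
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e.src, classify(e))
    print(label_unmatched(SAMPLE_EVENTS))
```

The point of the subsumption walk is that a reaction rule written once for `Reconnaissance` fires for any later-added subclass without touching the rule, which is the reuse an ontology buys over a flat signature table; an OWL-DL reasoner would do the same over a much richer axiom set. The clustering stage is deliberately separate: it only sees events the signatures left unlabelled, so the supervised and unsupervised parts do not compete for the same event.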


Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Gustavo Isaza (1)
  • Andrés Castillo (2)
  • Manuel López (1)
  • Luis Castillo (3)
  1. Departamento de Sistemas e Informática, Universidad de Caldas, Manizales, Colombia
  2. Departamento de Lenguajes e Ingeniería del Software, Universidad Pontificia de Salamanca, Madrid, Spain
  3. Departamento de Ingeniería Industrial, Universidad Nacional de Colombia, Sede Manizales, Colombia