Intrusion Correlation Using Ontologies and Multi-agent Systems

  • Conference paper
Information Security and Assurance (ISA 2010)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 76)

Abstract

This paper proposes an ontology model for representing intrusion detection events and prevention rules, integrating multi-agent systems based on unsupervised and supervised techniques for classification, correlation and pattern recognition. The semantic model describes attack signatures, reaction tasks, and axioms for alert communication and correlation; in addition, we have developed the prevention architecture integrated with other security tools. This article focuses on the approach of incorporating semantic operations that facilitate the alert correlation process and provide inference and reasoning over the ontology model.




© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Isaza, G., Castillo, A., López, M., Castillo, L., López, M. (2010). Intrusion Correlation Using Ontologies and Multi-agent Systems. In: Bandyopadhyay, S.K., Adi, W., Kim, Th., Xiao, Y. (eds) Information Security and Assurance. ISA 2010. Communications in Computer and Information Science, vol 76. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13365-7_6

  • DOI: https://doi.org/10.1007/978-3-642-13365-7_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13364-0

  • Online ISBN: 978-3-642-13365-7

  • eBook Packages: Computer Science (R0)
