Abstract
Network security emergency response (NSER) is an important topic in information security. Many NSER systems and tools have been developed; they can effectively detect some security incidents and provide general best-practice guidelines for handling certain types of incidents, but they do not give a reasonable, fast and effective handling method for every security incident encountered in a real environment. An intelligent method based on case-based reasoning (CBR) and description logic (DL) is proposed for NSER. Firstly, a case base for NSER is organized so that the domain knowledge of NSER is described in the DL ALCO(D). Secondly, based on the refinement operator and refinement graph of DLs, an algorithm for measuring the similarity of ALCO(D) concepts is designed and used to retrieve cases from the case base. It is demonstrated that the method can reuse past experience with security incidents to generate responses automatically.
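The abstract describes retrieval as a similarity measure over concept descriptions derived from refinement steps in a DL. The following is an added example, not code from the paper, that illustrates the idea on a deliberately small scale: it assumes a constructed taxonomy of atomic incident and asset concepts (not the paper's ALCO(D) knowledge base), a constructed case base of three past incidents, and a simplified measure in the spirit of refinement-operator similarity, namely the number of specialisation steps shared from the top concept down to the least common subsumer, divided by the total number of distinct steps needed to reach both concepts. The function names, the feature keys `type` and `asset`, and the response strings are all assumptions made for the illustration.

```python
"""Toy case retrieval for incident response using a refinement-path
concept similarity over a constructed incident taxonomy (added example)."""
from typing import Dict, List, Tuple

# Constructed taxonomy: child concept -> parent concept. Each edge is one
# refinement (specialisation) step; "Thing" is the top concept.
TOP = "Thing"
PARENT: Dict[str, str] = {
    "Incident": TOP,
    "Malware": "Incident",
    "Ransomware": "Malware",
    "Worm": "Malware",
    "Intrusion": "Incident",
    "WebAppIntrusion": "Intrusion",
    "CredentialAbuse": "Intrusion",
    "DenialOfService": "Incident",
    "Asset": TOP,
    "Server": "Asset",
    "WebServer": "Server",
    "DatabaseServer": "Server",
    "Workstation": "Asset",
}


def ancestors(concept: str) -> List[str]:
    """Path from `concept` up to TOP, inclusive of both ends."""
    path = [concept]
    while path[-1] != TOP:
        path.append(PARENT[path[-1]])
    return path


def depth(concept: str) -> int:
    """Number of refinement steps from TOP down to `concept`."""
    return len(ancestors(concept)) - 1


def least_common_subsumer(c: str, d: str) -> str:
    """Most specific concept that subsumes both c and d in the taxonomy."""
    d_ancestors = set(ancestors(d))
    for a in ancestors(c):
        if a in d_ancestors:
            return a
    return TOP


def concept_similarity(c: str, d: str) -> float:
    """Shared refinement steps / total distinct refinement steps.

    shared = steps TOP -> LCS; total = shared + (LCS -> c) + (LCS -> d).
    Identical concepts score 1.0; concepts sharing only TOP score 0.0.
    """
    shared = depth(least_common_subsumer(c, d))
    total = depth(c) + depth(d) - shared
    return 1.0 if total == 0 else shared / total


# Constructed case base: each case carries concept-valued features and the
# response that was applied in the past.
CASE_BASE: List[Dict[str, object]] = [
    {"id": "C1",
     "features": {"type": "Ransomware", "asset": "Workstation"},
     "response": "Isolate host, preserve disk image, restore from offline backup"},
    {"id": "C2",
     "features": {"type": "WebAppIntrusion", "asset": "WebServer"},
     "response": "Take application offline, patch, rotate credentials"},
    {"id": "C3",
     "features": {"type": "Worm", "asset": "Server"},
     "response": "Segment affected subnet, patch, scan peers"},
]


def case_similarity(query: Dict[str, str], features: Dict[str, str]) -> float:
    """Mean concept similarity over the query's features; a feature the
    stored case lacks is treated as TOP (unknown), which scores 0."""
    scores = [concept_similarity(v, str(features.get(k, TOP))) for k, v in query.items()]
    return sum(scores) / len(scores)


def retrieve(query: Dict[str, str], case_base: List[Dict[str, object]],
             k: int = 3) -> List[Tuple[str, float]]:
    """Return the k most similar case ids with their scores, best first."""
    scored = [(str(case["id"]), case_similarity(query, case["features"]))  # type: ignore[arg-type]
              for case in case_base]
    scored.sort(key=lambda item: -item[1])
    return scored[:k]


if __name__ == "__main__":
    # Constructed new incident: ransomware observed on a database server.
    query = {"type": "Ransomware", "asset": "DatabaseServer"}
    for case_id, score in retrieve(query, CASE_BASE):
        print(f"{case_id}: {score:.3f}")
```

For the constructed query, C1 (same incident type, different asset class) ranks first at 0.625, C3 (sibling malware type on a generic server) second at about 0.583, and C2 last at 0.35, so the retrieved response is the one applied to the past ransomware case. Replacing the atomic taxonomy with a full refinement graph over ALCO(D) concepts is what the paper's algorithm adds beyond this sketch.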
© 2014 IFIP International Federation for Information Processing
Cite this paper
Jiang, F., Gu, T., Chang, L., Xu, Z. (2014). Case Retrieval for Network Security Emergency Response Based on Description Logic. In: Shi, Z., Wu, Z., Leake, D., Sattler, U. (eds) Intelligent Information Processing VII. IIP 2014. IFIP Advances in Information and Communication Technology, vol 432. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44980-6_32
DOI: https://doi.org/10.1007/978-3-662-44980-6_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44979-0
Online ISBN: 978-3-662-44980-6
eBook Packages: Computer Science (R0)