TY - GEN
T1 - A Description Logic based approach for IDS security information management
AU - Yan, Wei
AU - Hou, Edwin
AU - Ansari, Nirwan
N1 - Copyright:
Copyright 2011 Elsevier B.V., All rights reserved.
PY - 2005
Y1 - 2005
N2 - The upsurge of network Distributed Denial of Service (DDoS) attacks on computer networks demands great effort in network security management. Currently, Intrusion Detection Systems (IDSs) are used to secure computer networks. However, IDSs may generate a huge volume of alerts, making it hard for security administrators to uncover hidden attack scenarios. In this paper, we propose a Description Logic-based approach for IDS event semantic analysis, which allows inferring attack scenarios and enabling attack knowledge semantic queries. With an Attack Knowledge Base consisting of an Abox and a Tbox, IDS alerts are converted into machine-understandable uniform alert streams. The ontology and attack instances of the Attack Knowledge Base are applied to derive attack scenarios. Then the attack semantic query is implemented by a spreading activation technique, which enables administrators to query the intrusion states of the networks.
AB - The upsurge of network Distributed Denial of Service (DDoS) attacks on computer networks demands great effort in network security management. Currently, Intrusion Detection Systems (IDSs) are used to secure computer networks. However, IDSs may generate a huge volume of alerts, making it hard for security administrators to uncover hidden attack scenarios. In this paper, we propose a Description Logic-based approach for IDS event semantic analysis, which allows inferring attack scenarios and enabling attack knowledge semantic queries. With an Attack Knowledge Base consisting of an Abox and a Tbox, IDS alerts are converted into machine-understandable uniform alert streams. The ontology and attack instances of the Attack Knowledge Base are applied to derive attack scenarios. Then the attack semantic query is implemented by a spreading activation technique, which enables administrators to query the intrusion states of the networks.
KW - Description logics
KW - Intrusion detection system
KW - Network security
KW - Security information management
UR - http://www.scopus.com/inward/record.url?scp=33746614435&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33746614435&partnerID=8YFLogxK
U2 - 10.1109/SARNOF.2005.1426503
DO - 10.1109/SARNOF.2005.1426503
M3 - Conference contribution
AN - SCOPUS:33746614435
SN - 0780388542
SN - 9780780388543
T3 - 2005 IEEE/Sarnoff Symposium on Advances in Wired and Wireless Communication
SP - 25
EP - 28
BT - 2005 IEEE/Sarnoff Symposium on Advances in Wired and Wireless Communication
T2 - 2005 IEEE/Sarnoff Symposium on Advances in Wired and Wireless Communication
Y2 - 18 April 2005 through 19 April 2005
ER -