A Description Logic based approach for IDS security information management

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

The upsurge of Distributed Denial of Service (DDoS) attacks on computer networks demands great effort in network security management. Currently, Intrusion Detection Systems (IDSs) are used to secure computer networks; however, IDSs may generate a huge volume of alerts, making it hard for security administrators to uncover hidden attack scenarios. In this paper, we propose a Description Logic-based approach to IDS event semantic analysis that allows attack scenarios to be inferred and enables semantic queries over attack knowledge. With an Attack Knowledge Base consisting of an ABox and a TBox, IDS alerts are converted into machine-understandable, uniform alert streams. The ontology and attack instances of the Attack Knowledge Base are applied to derive attack scenarios. The attack semantic query is then implemented with a spreading activation technique, which enables administrators to query the intrusion state of the network.
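The abstract describes a pipeline (alerts normalised into ABox assertions, a TBox ontology closing them under subsumption, scenario inference over the instances, spreading activation for semantic queries) without showing it. The following is an added illustration written for this page, not the authors' implementation: the TBox is a toy concept hierarchy, the alert lines are constructed sample input, the DDoS scenario is approximated by a hand-written rule rather than a defined concept evaluated by a DL reasoner, and the degree-normalised spreading activation is one common variant of the technique. All names in it are assumptions.

```python
"""Toy Description-Logic-style Attack Knowledge Base over IDS alerts (added example)."""
import re
from collections import defaultdict

# TBox: atomic concept hierarchy, child -> parent (assumed toy ontology, not the paper's).
TBOX = {
    "PortScan": "Reconnaissance",
    "SynFlood": "Flooding",
    "UdpFlood": "Flooding",
    "Reconnaissance": "Alert",
    "Flooding": "Alert",
    "DDoSScenario": "AttackScenario",
}

# Constructed alert lines in a simple key=value layout (sample input, not real IDS logs).
RAW_ALERTS = [
    "2005-04-18T10:00:01 alert=PortScan src=10.0.0.5 dst=192.168.1.10",
    "2005-04-18T10:02:15 alert=SynFlood src=10.0.0.5 dst=192.168.1.10",
    "2005-04-18T10:02:16 alert=SynFlood src=10.0.0.6 dst=192.168.1.10",
    "2005-04-18T10:02:17 alert=UdpFlood src=10.0.0.7 dst=192.168.1.10",
    "2005-04-18T10:05:00 alert=PortScan src=10.0.0.9 dst=192.168.1.20",
]
ALERT_RE = re.compile(r"(?P<ts>\S+) alert=(?P<concept>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+)$")


class ABox:
    """Concept assertions C(a) and role assertions R(a, b) for individuals."""

    def __init__(self):
        self.concepts = defaultdict(set)  # individual -> concepts it belongs to
        self.roles = defaultdict(set)     # (individual, role) -> fillers

    def assert_concept(self, ind, concept):
        # Close under TBox subsumption: C(a) and C ⊑ D entail D(a).
        while concept is not None:
            self.concepts[ind].add(concept)
            concept = TBOX.get(concept)

    def assert_role(self, ind, role, filler):
        self.roles[(ind, role)].add(filler)

    def instances(self, concept):
        return {i for i, cs in self.concepts.items() if concept in cs}

    def fillers(self, ind, role):
        return self.roles.get((ind, role), set())


def load_alerts(lines, abox):
    """Normalise raw alert lines into uniform ABox assertions; skip unparseable lines."""
    for n, line in enumerate(lines):
        m = ALERT_RE.match(line)
        if not m:
            continue
        ind = f"alert{n}"
        abox.assert_concept(ind, m["concept"])
        abox.assert_role(ind, "hasSource", m["src"])
        abox.assert_role(ind, "hasTarget", m["dst"])
        abox.assert_role(ind, "hasTime", m["ts"])  # ISO timestamps compare lexically


def infer_ddos_scenarios(abox, min_sources=2):
    """Rule standing in for a defined concept: a target that sees Reconnaissance
    followed by Flooding from at least min_sources distinct hosts is a DDoSScenario."""
    found = []
    targets = {t for a in abox.instances("Alert") for t in abox.fillers(a, "hasTarget")}
    for target in sorted(targets):
        recon = [a for a in abox.instances("Reconnaissance") if target in abox.fillers(a, "hasTarget")]
        floods = [a for a in abox.instances("Flooding") if target in abox.fillers(a, "hasTarget")]
        if not recon or not floods:
            continue
        first_recon = min(min(abox.fillers(a, "hasTime")) for a in recon)
        later = [a for a in floods if min(abox.fillers(a, "hasTime")) > first_recon]
        sources = {s for a in later for s in abox.fillers(a, "hasSource")}
        if len(sources) >= min_sources:
            sid = f"scenario_{target}"
            abox.assert_concept(sid, "DDoSScenario")  # also becomes AttackScenario
            abox.assert_role(sid, "hasTarget", target)
            for a in recon + later:
                abox.assert_role(sid, "hasStep", a)
            found.append(sid)
    return found


def spreading_activation(abox, seeds, decay=0.5, steps=3):
    """Push activation from seed nodes over ABox edges (membership and roles),
    splitting each node's activation evenly among its neighbours."""
    adj = defaultdict(set)
    for ind, cs in abox.concepts.items():
        for c in cs:
            adj[ind].add(c); adj[c].add(ind)
    for (ind, role), fillers in abox.roles.items():
        if role == "hasTime":
            continue  # timestamps are literals, not graph nodes
        for f in fillers:
            adj[ind].add(f); adj[f].add(ind)
    activation = {s: 1.0 for s in seeds}
    frontier = dict(activation)
    for _ in range(steps):
        nxt = defaultdict(float)
        for node, act in frontier.items():
            for nb in adj[node]:
                nxt[nb] += act * decay / max(1, len(adj[node]))
        for nb, a in nxt.items():
            activation[nb] = activation.get(nb, 0.0) + a
        frontier = nxt
    return activation


def query_hosts_under_attack(abox, concept="DDoSScenario"):
    """Semantic query: rank hosts by activation spread from a scenario concept."""
    act = spreading_activation(abox, [concept])
    hosts = {h for (i, r), fs in abox.roles.items() if r in ("hasSource", "hasTarget") for h in fs}
    return sorted(((h, round(act.get(h, 0.0), 4)) for h in hosts), key=lambda x: -x[1])


def build_kb(lines=RAW_ALERTS):
    abox = ABox()
    load_alerts(lines, abox)
    return abox, infer_ddos_scenarios(abox)


if __name__ == "__main__":
    kb, scenarios = build_kb()
    print("scenarios:", scenarios)
    print("hosts by activation:", query_hosts_under_attack(kb))
```

The query ranks the flooded target first and its three attacking sources next, with the host that only received a lone port scan scoring zero: the scenario individual, not the raw alert count, is what carries activation to the hosts. A production version would replace the hand-written rule with a defined concept evaluated by a DL reasoner, and would have to bound the activation graph, since spreading over every alert individual does not scale to the alert volumes the abstract is concerned with.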

Original language: English (US)
Title of host publication: 2005 IEEE/Sarnoff Symposium on Advances in Wired and Wireless Communication
Pages: 25-28
Number of pages: 4
DOIs
State: Published - 2005
Event: 2005 IEEE/Sarnoff Symposium on Advances in Wired and Wireless Communication - Princeton, NJ, United States
Duration: Apr 18 2005 - Apr 19 2005

Publication series

Name: 2005 IEEE/Sarnoff Symposium on Advances in Wired and Wireless Communication
Volume: 2005

Other

Other: 2005 IEEE/Sarnoff Symposium on Advances in Wired and Wireless Communication
Country: United States
City: Princeton, NJ
Period: 4/18/05 - 4/19/05

All Science Journal Classification (ASJC) codes

  • Engineering(all)

Keywords

  • Description logics
  • Intrusion detection system
  • Network security
  • Security information management
