Description logics for an autonomic IDS event analysis system

Authors:
W. Yan;E. Hou;N. Ansari
Affiliations:
Department of Electrical and Computer Engineering, New Jersey Institution of Technology, Newark, NJ 07102, USA;Department of Electrical and Computer Engineering, New Jersey Institution of Technology, Newark, NJ 07102, USA;Department of Electrical and Computer Engineering, New Jersey Institution of Technology, Newark, NJ 07102, USA
Venue:
Computer Communications
Year:
2006

Citing 13
Cited 2

Word association norms, mutual information, and lexicography

Computational Linguistics
Ontology in information security: a useful theoretical foundation and methodological tool

Proceedings of the 2001 workshop on New security paradigms
Information retrieval on the semantic web

Proceedings of the eleventh international conference on Information and knowledge management
Probabilistic Alert Correlation

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Aggregation and Correlation of Intrusion-Detection Alerts

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Querying the Semantic Web: A Formal Approach

ISWC '02 Proceedings of the First International Semantic Web Conference on The Semantic Web
The analysis of noun sequences using semantic information extracted from on-line dictionaries

The analysis of noun sequences using semantic information extracted from on-line dictionaries
Retrieving collocations from text: Xtract

Computational Linguistics - Special issue on using large corpora: I
A hybrid approach for searching in the semantic web

Proceedings of the 13th international conference on World Wide Web
Extracting Attack Knowledge Using Principal-Subordinate Consequence Tagging Case Grammar and Alerts Semantic Networks

LCN '04 Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks
Why NLP should move into IAS

COLING-Roadmap '02 Proceedings of the 2002 COLING workshop: A roadmap for computational linguistics - Volume 13
The Description Logic Handbook

The Description Logic Handbook
M2D2: a formal data model for IDS alert correlation

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection

An ontology-based intrusion alerts correlation system

Expert Systems with Applications: An International Journal
Multi-stage change-point detection scheme for large-scale simultaneous events

Computer Communications

Quantified Score

Hi-index	0.25

Visualization

Abstract

Internet has grown by several orders of magnitude in recent years, and this growth has escalated the importance of computer security. Intrusion Detection System (IDS) is used to protect computer networks. However, the overwhelming flow of log data generated by IDS hamper security administrators from uncovering the hidden attack scenarios. Therefore, the autonomic IDS event analysis system is essential to make the IDS console smarter and more efficient. In this paper, we propose an IDS autonomic event analysis system represented by description logics, which allows inferring the attack scenarios and enabling the attack knowledge semantic queries. The modified case grammar PCTCG is used to convert raw alerts into frame-structured alert streams, and the alert semantic network 2-AASN is used to generate the attack scenarios, which can then inform the security administrator. Afterwards, based on the alert contexts, attack scenario instances are extracted, and attack semantic query results on attack scenario instances using spreading activation technique are forwarded to the security administrator.