A translation approach to portable ontology specifications
Knowledge Acquisition - Special issue: Current issues in knowledge modeling
The base-rate fallacy and the difficulty of intrusion detection
ACM Transactions on Information and System Security (TISSEC)
Ontology in information security: a useful theoretical foundation and methodological tool
Proceedings of the 2001 workshop on New security paradigms
Fundamentals of Data Structures in C++
Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
STATL: an attack language for state-based intrusion detection
Journal of Computer Security
Probabilistic Alert Correlation
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Aggregation and Correlation of Intrusion-Detection Alerts
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Alert Correlation in a Cooperative Intrusion Detection Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Validation of Sensor Alert Correlators
IEEE Security and Privacy
Managing Alerts in a Multi-Intrusion Detection Environment
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Techniques and tools for analyzing intrusion alerts
ACM Transactions on Information and System Security (TISSEC)
A Comprehensive Approach to Intrusion Detection Alert Correlation
IEEE Transactions on Dependable and Secure Computing
Hypothesizing and reasoning about attacks missed by intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
DR-Prolog: A System for Defeasible Reasoning with Rules and Ontologies on the Semantic Web
IEEE Transactions on Knowledge and Data Engineering
Improving the quality of alerts and predicting intruder's next goal with Hidden Colored Petri-Net
Computer Networks: The International Journal of Computer and Telecommunications Networking
XSWRL, an Extended Semantic Web Rule Language
IITA '08 Proceedings of the 2008 Second International Symposium on Intelligent Information Technology Application - Volume 01
Intrusion Alerts Correlation Model Based on XSWRL Ontology
IITA '08 Proceedings of the 2008 Second International Symposium on Intelligent Information Technology Application - Volume 01
Description logics for an autonomic IDS event analysis system
Computer Communications
OWL rules: A proposal and prototype implementation
Web Semantics: Science, Services and Agents on the World Wide Web
Mining co-distribution patterns for large crime datasets
Expert Systems with Applications: An International Journal
Review: An intrusion detection and prevention system in cloud computing: A systematic review
Journal of Network and Computer Applications
Alert correlation techniques effectively improve the quality of alerts reported by intrusion detection systems, and are sufficient to support rapid identification of ongoing attacks or prediction of an intruder's next likely goal. In our previous work, an alert correlation approach based on our XSWRL ontology was proposed. This paper focuses on how to develop an intrusion alert correlation system according to that approach. First, the multi-agent system architecture consisting of agents and sensors is shown: the sensors collect security-relevant information, and the agents process it. Then each module of the system is presented in detail. The State Sensor collects information about the security state, and the Local State Agent and Center State Agent preprocess this state information and convert it to ontology. The Attack Sensor collects information about attacks, and the Local Alert Agent and Center Alert Agent preprocess the alert information and convert it to ontology. The Attack Correlator correlates the attacks and outputs the attack sessions.
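The following is an added, constructed illustration of the sensor-to-agent-to-correlator pipeline shape the abstract describes; it is not the paper's own code, and it does not use XSWRL or an OWL reasoner. The sensor line format, the host event field names, the signature-to-concept mapping, the sample alerts and the session-joining rule (same attacker, or a previous victim used as a pivot, within a time window) are all assumptions made for the example.

```python
"""Constructed illustration (not the paper's code) of the sensor -> agent -> correlator
pipeline: sensors emit raw events in their own formats, local agents normalise them
into a shared vocabulary, the center agent merges the streams, and the correlator
groups related alerts into attack sessions."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: int          # seconds since an arbitrary epoch (constructed values)
    src: str         # address the activity came from
    dst: str         # address the activity targeted
    category: str    # shared attack concept the agents map sensor signatures onto
    raw: str         # original sensor record, kept for the analyst


# Hypothetical mapping from sensor-specific signature names to shared concepts.
# In an ontology-based system this is the role the ontology plays.
SIG_TO_CONCEPT = {
    "portscan": "Recon",
    "ssh-bruteforce": "CredentialAccess",
    "web-shell-upload": "Execution",
}

# Hypothetical network-sensor line format: "[ts] signature src -> dst"
NIDS_LINE = re.compile(r"^\[(?P<ts>\d+)\] (?P<sig>[\w-]+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+)$")


def local_alert_agent_nids(lines):
    """Normalise network-sensor lines; lines that do not parse are dropped."""
    out = []
    for line in lines:
        m = NIDS_LINE.match(line.strip())
        if m:
            out.append(Alert(int(m["ts"]), m["src"], m["dst"],
                             SIG_TO_CONCEPT.get(m["sig"], "Unknown"), line.strip()))
    return out


def local_alert_agent_host(events):
    """Normalise host-sensor dict events, which use different field names."""
    return [Alert(e["time"], e["remote"], e["host"],
                  SIG_TO_CONCEPT.get(e["rule"], "Unknown"), repr(e)) for e in events]


def center_alert_agent(*streams):
    """Merge all local streams, drop exact duplicates, and order by time."""
    seen, merged = set(), []
    for stream in streams:
        for a in stream:
            key = (a.ts, a.src, a.dst, a.category)
            if key not in seen:
                seen.add(key)
                merged.append(a)
    return sorted(merged, key=lambda a: a.ts)


@dataclass
class Session:
    alerts: list
    hosts: set   # every address that has appeared as src or dst in the session


def attack_correlator(alerts, window=600):
    """Group alerts into sessions. An alert joins a session if it arrives within
    `window` seconds of that session's last alert and its source is a host already
    involved in the session (the same attacker, or a victim now used as a pivot)."""
    sessions = []
    for a in alerts:
        for s in sessions:
            if a.ts - s.alerts[-1].ts <= window and a.src in s.hosts:
                s.alerts.append(a)
                s.hosts.update((a.src, a.dst))
                break
        else:
            sessions.append(Session([a], {a.src, a.dst}))
    return sessions


# Constructed sample input: one network sensor feed and one host sensor feed.
NIDS_LINES = [
    "[100] portscan 10.0.0.5 -> 10.0.0.20",
    "[200] ssh-bruteforce 10.0.0.5 -> 10.0.0.20",
    "[200] ssh-bruteforce 10.0.0.5 -> 10.0.0.20",    # duplicate delivery
    "[350] web-shell-upload 10.0.0.5 -> 10.0.0.20",
    "garbage line the agent must ignore",
    "[5000] portscan 192.168.1.9 -> 10.0.0.40",
]
HOST_EVENTS = [
    {"time": 420, "rule": "ssh-bruteforce", "remote": "10.0.0.20", "host": "10.0.0.30"},
]


def run_pipeline():
    merged = center_alert_agent(local_alert_agent_nids(NIDS_LINES),
                                local_alert_agent_host(HOST_EVENTS))
    return attack_correlator(merged)


if __name__ == "__main__":
    for i, s in enumerate(run_pipeline(), 1):
        print(f"session {i}: hosts={sorted(s.hosts)}")
        for a in s.alerts:
            print(f"  t={a.ts:5d} {a.category:16s} {a.src} -> {a.dst}")
```

With the constructed input, the first session chains the scan, brute force and upload against 10.0.0.20 with the later brute force launched from 10.0.0.20 itself, while the isolated scan at t=5000 starts a second session. The correlator only sees normalised concepts, so adding a third sensor means writing another local agent, not changing the correlation rule.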