Context and semantics for detection of cyber attacks

Authors:
Ahmed Aleroud;George Karabatis;Prayank Sharma;Peng He
Affiliations:
Department of Information Systems, University of Maryland, Baltimore County UMBC, 1000 Hilltop Circle, Baltimore, MD, USA;Department of Information Systems, University of Maryland, Baltimore County UMBC, 1000 Hilltop Circle, Baltimore, MD, USA;Department of Information Systems, University of Maryland, Baltimore County UMBC, 1000 Hilltop Circle, Baltimore, MD, USA;Department of Information Systems, University of Maryland, Baltimore County UMBC, 1000 Hilltop Circle, Baltimore, MD, USA
Venue:
International Journal of Information and Computer Security
Year:
2014

Citing 11
Cited 0

Probabilistic reasoning in intelligent systems: networks of plausible inference

Probabilistic reasoning in intelligent systems: networks of plausible inference
Causality: models, reasoning, and inference

Causality: models, reasoning, and inference
Representing TCP/IP Connectivity For Topological Analysis of Network Security

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Location management in pervasive systems

ACSW Frontiers '03 Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21
Correlating Intrusion Events and Building Attack Scenarios Through Attack Graph Distances

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Modeling network intrusion detection alerts for correlation

ACM Transactions on Information and System Security (TISSEC)
Using Semantic Networks and Context in Search for Relevant Software Engineering Artifacts

Journal on Data Semantics XIV
Layered Approach Using Conditional Random Fields for Intrusion Detection

IEEE Transactions on Dependable and Secure Computing
The effect of identifying vulnerabilities and patching software on the utility of network intrusion detection

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
An operational definition of context

CONTEXT'07 Proceedings of the 6th international and interdisciplinary conference on Modeling and using context
An Empirical Evaluation of Similarity Coefficients for Binary Valued Data

International Journal of Data Warehousing and Mining

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a novel layered cyber-attack detection approach utilising: 1 semantic relationships between attacks to infer possible related suspicious network activities from connections between hosts; 2 contextual information expressed as attack context profiles on top of semantic relationships. The combined use of context and semantics in intrusion detection results in predicting attacks with higher accuracy while decreasing the number of false positives at the same time. A prototype system has been implemented and experiments have been conducted on it. The results exhibit higher or competitive detection rates compared with other existing approaches.