A System for Cyber Attack Detection Using Contextual Semantics

In this paper, we present a layered cyber-attack detection system with semantic and context capabilities. The approach has been implemented in a prototype system that uses semantic information about related attacks to infer all possible suspicious network activities from connections between hosts. The candidate attacks produced by the semantic techniques are forwarded to context filters, which use attack context profiles and host contexts to filter out irrelevant attacks. The prototype is evaluated on the KDD 1999 intrusion detection dataset, where the experimental results show precision and recall values competitive with previous approaches.
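The two layers described above, as an added toy example that is not the paper's own code: the semantic network, the attack context profiles, the host contexts and the KDD-style connection records are all constructed assumptions, and the evaluation shows how the context filter trades some recall for precision compared with the semantic layer alone.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass(frozen=True)
class Connection:
    src: str      # source host
    dst: str      # destination host
    service: str  # KDD-99 style service name
    flag: str     # KDD-99 style connection status flag
    label: str    # ground truth: attack name or "normal"

# Constructed semantic network (assumption): connection evidence -> attacks,
# plus "related attack" links used to infer every plausible suspicious activity.
EVIDENCE_TO_ATTACKS: Dict[Tuple[str, str], Set[str]] = {
    ("http", "S0"): {"neptune"}, ("private", "REJ"): {"portsweep"}, ("ecr_i", "SF"): {"smurf"}}
RELATED: Dict[str, Set[str]] = {
    "neptune": {"smurf"}, "smurf": {"neptune"}, "portsweep": {"ipsweep", "nmap"}}
# Constructed attack context profiles: services an attack needs on its target.
ATTACK_PROFILE: Dict[str, Set[str]] = {
    "neptune": {"http", "smtp"}, "smurf": {"ecr_i"}, "portsweep": {"private"},
    "ipsweep": {"eco_i"}, "nmap": {"private"}}
# Constructed host contexts: services each host actually exposes.
HOST_CONTEXT: Dict[str, Set[str]] = {"10.0.0.5": {"http", "smtp", "ecr_i"}, "10.0.0.9": {"private"}}

def semantic_layer(conn: Connection) -> Set[str]:
    """Infer every attack the semantic network links to this connection."""
    direct = EVIDENCE_TO_ATTACKS.get((conn.service, conn.flag), set())
    return set().union(direct, *(RELATED.get(a, set()) for a in direct))

def context_layer(conn: Connection, candidates: Set[str]) -> Set[str]:
    """Keep only attacks whose profile matches both the connection and the target's host context."""
    exposed = HOST_CONTEXT.get(conn.dst, set())
    return {a for a in candidates if conn.service in ATTACK_PROFILE.get(a, set()) and conn.service in exposed}

def evaluate(conns: List[Connection], use_context: bool = True) -> Tuple[float, float]:
    """Precision and recall where each alert is a (connection, attack) pair."""
    tp = fp = fn = 0
    for c in conns:
        alerts = semantic_layer(c)
        if use_context:
            alerts = context_layer(c, alerts)
        tp += c.label in alerts
        fp += len(alerts - {c.label})
        fn += c.label != "normal" and c.label not in alerts
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall

# Constructed sample records (not taken from the KDD 1999 dataset).
SAMPLE = [Connection("192.0.2.1", "10.0.0.5", "http", "S0", "neptune"),
          Connection("192.0.2.2", "10.0.0.9", "private", "REJ", "portsweep"),
          Connection("192.0.2.3", "10.0.0.5", "http", "SF", "normal"),
          Connection("192.0.2.4", "10.0.0.5", "ecr_i", "SF", "smurf"),
          Connection("192.0.2.5", "10.0.0.9", "http", "S0", "neptune")]

if __name__ == "__main__":
    print("semantic only:", evaluate(SAMPLE, use_context=False))
    print("with context :", evaluate(SAMPLE))
```

The last record is a SYN flood aimed at a host that does not expose the service, so the context layer drops it: that is the false negative behind the recall drop, while the related-attack expansions it removes are what raise precision.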
