From using description logics to handling inconsistency in cooperative intrusion detection

Cooperative intrusion detection consists of using several IDSs and other analyzers in order to supply an overview of the system under consideration. In this setting, defining a shared vocabulary that describes the different pieces of information is essential. Since these pieces of information are structured, we propose in this paper to use description logics, which guarantee that reasoning is decidable. Moreover, the analyzers used in cooperative intrusion detection are not fully reliable; consequently, their cooperation can easily produce conflicts or inconsistencies. We propose in this paper to handle these inconsistencies using the so-called partial lexicographic inference.
