Ontologies-Based Automated Intrusion Response System

Automated intrusion response is an important problem in network security. Several Automated Intrusion Response Systems (AIRS) have been proposed to take over this task, but current proposals are limited in their adaptability to different intrusion sources, since they do not take into account the semantics of intrusion alerts coming from different Intrusion Detection Systems with different formats and syntaxes. To solve this problem, this paper proposes an architecture for an AIRS based on ontologies, formal behavior specification languages and reasoning mechanisms, which automatically infers and executes the optimum response action when different network security-event detection sources detect intrusions. This paper describes the system architecture as well as the inference process for the recommended and optimum responses.
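The inference pipeline sketched in the abstract, as an added example that is not the paper's own code: alerts in two different syntaxes (a Snort-style fast-alert line and a constructed JSON record) are normalised onto a small class hierarchy standing in for the ontology, subsumption over that hierarchy decides which SWRL-like rules fire (the recommended responses), and an effectiveness-minus-cost score picks the optimum one. The hierarchy, the signature mappings, the rules and their scores, and the sample alerts are all assumptions.

```python
import json
import re
# Constructed stand-in for the OWL class hierarchy; not the paper's own ontology.
SUBCLASS_OF = {"PortScan": "Reconnaissance", "SSHBruteForce": "AuthenticationAttack",
               "Reconnaissance": "Intrusion", "AuthenticationAttack": "Intrusion"}
# Source-specific signature names mapped onto the shared classes (constructed).
SIGNATURE_TO_CLASS = {("snort", "SCAN nmap TCP"): "PortScan",
                      ("ossec", "sshd: brute force"): "SSHBruteForce"}
# SWRL-like rules as (antecedent class, response, effectiveness, cost); constructed.
RULES = [("Intrusion", "raise_alert", 2, 1), ("Reconnaissance", "rate_limit_source", 5, 2),
         ("AuthenticationAttack", "block_source_ip", 7, 4), ("SSHBruteForce", "lock_account", 6, 5)]
# Snort-style fast-alert line: the {proto} token precedes "src:port -> dst:port".
SNORT_RE = re.compile(r"\[\*\*\] \[[\d:]+\] (?P<sig>.+?) \[\*\*\].*?\{\w+\} (?P<src>[\d.]+)")
# Constructed sample alerts, one per syntax (the JSON shape is not the real OSSEC schema).
SAMPLE_SNORT = ("11/04-10:22:01.123456  [**] [1:1000001:1] SCAN nmap TCP [**] "
                "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:44321 -> 192.0.2.10:22")
SAMPLE_OSSEC = '{"rule": {"description": "sshd: brute force"}, "srcip": "198.51.100.9"}'

def parse_alert(source, raw):
    """Normalise a raw alert from either syntax into (ontology class, source IP)."""
    if source == "snort":
        m = SNORT_RE.search(raw)
        if not m: raise ValueError("unrecognised snort line")
        sig, src = m.group("sig"), m.group("src")
    elif source == "ossec":
        d = json.loads(raw)
        sig, src = d["rule"]["description"], d["srcip"]
    else: raise ValueError(f"unknown source {source!r}")
    cls = SIGNATURE_TO_CLASS.get((source, sig))
    if cls is None: raise ValueError(f"no ontology mapping for {source!r}: {sig!r}")
    return cls, src

def classes_of(cls):
    """The alert class plus every superclass, i.e. subsumption reasoning."""
    out = [cls]
    while cls in SUBCLASS_OF:
        cls = SUBCLASS_OF[cls]
        out.append(cls)
    return out

def recommended_responses(cls):
    """Every rule whose antecedent class subsumes the alert class fires."""
    fired = set(classes_of(cls))
    return [resp for c, resp, _, _ in RULES if c in fired]

def optimum_response(source, raw):
    """Among the recommended responses, pick the best effectiveness-minus-cost."""
    cls, src = parse_alert(source, raw)
    best = max((eff - cost, resp) for c, resp, eff, cost in RULES if c in set(classes_of(cls)))
    return {"class": cls, "src": src, "response": best[1]}
```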
