Ontology-based modeling of DDoS attacks for attack plan detection

This paper proposes an effective approach to modelling DDoS attacks and applies it to recognising attack plans before the actual incident. The goals of this study are, first, to model DDoS attacks, their prerequisites and consequences using a semantic representation, in order to provide a description logic of DDoS attacks; and second, to propose an ontology-based solution that detects potential DDoS attacks by inference over observed knowledge provided by sensory inputs. Unlike other ontologies in the network attack domain, the proposed ontology is generated automatically from well-known taxonomies such as the CAPEC, CWE and CVE datasets. The proposed method not only introduces semantics for exchanging knowledge between machines, but also provides a framework by which a machine can detect intrusions.
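The prerequisite/consequence modelling and sensor-driven inference described above, as an added example that is not the paper's code: a small forward-chaining reasoner over constructed attack patterns, with a toy is-a hierarchy standing in for the ontology's class subsumption. All pattern and fact names here are placeholders, not CAPEC, CWE or CVE entries, and the sensor observations are constructed.

```python
"""Added example (not the paper's implementation): forward-chaining inference
over attack patterns modelled as prerequisites and consequences."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AttackPattern:
    name: str
    prerequisites: frozenset  # facts that must hold before the step is feasible
    consequences: frozenset   # facts the step makes true once carried out


# Constructed is-a hierarchy: a specific observation also counts as its parent class.
SUBCLASS_OF = {"syn_scan_seen": "recon_probe_seen",
               "dns_reflection_seen": "spoofed_source_seen"}

# Constructed patterns and fact names; placeholders, not CAPEC/CWE/CVE entries.
PATTERNS = (
    AttackPattern("reconnaissance", frozenset({"recon_probe_seen"}),
                  frozenset({"target_enumerated"})),
    AttackPattern("reflection_setup", frozenset({"target_enumerated", "spoofed_source_seen"}),
                  frozenset({"amplification_path_ready"})),
    AttackPattern("volumetric_flood", frozenset({"amplification_path_ready"}),
                  frozenset({"bandwidth_exhausted"})),
    AttackPattern("app_layer_flood", frozenset({"target_enumerated", "botnet_beacon_seen"}),
                  frozenset({"service_exhausted"})),
)
IMPACTS = frozenset({"bandwidth_exhausted", "service_exhausted"})  # terminal consequences


def expand(facts):
    """Close the observed facts under the is-a hierarchy (class subsumption)."""
    closed = set(facts)
    for f in list(facts):
        while f in SUBCLASS_OF:
            f = SUBCLASS_OF[f]
            closed.add(f)
    return closed


def infer_plan(observed, patterns=PATTERNS):
    """Forward-chain: return the ordered steps whose prerequisites hold, plus all derived facts."""
    known = expand(observed)
    plan = []
    changed = True
    while changed:  # repeat until no new step becomes feasible
        changed = False
        for p in patterns:
            if p.name not in plan and p.prerequisites <= known:
                plan.append(p.name)
                known |= p.consequences
                changed = True
    return plan, known


def assess(observed, patterns=PATTERNS):
    """Report whether an impact is reachable and what each unreached step still lacks."""
    plan, known = infer_plan(observed, patterns)
    gaps = {p.name: sorted(p.prerequisites - known) for p in patterns if p.name not in plan}
    return {"impact_reachable": bool(IMPACTS & known), "plan": plan, "gaps": gaps}
```

The `gaps` field is what a defender acts on: a step that is one missing fact away from feasibility is a detection priority before the impact fact is ever derived.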
