A user-oriented ontology-based approach for network intrusion detection

A new approach is suggested for designing and developing an intrusion detection application in which the domain expertise of the end user is used to generate it more easily. This approach uses ontologies as a way of capturing the knowledge of a domain, expressing the intrusion detection system much more in terms of the end user's domain, generating the intrusion detection system more easily, and performing intelligent reasoning. Furthermore, ontologies are also used as a conceptual modeling tool that allows a non-expert to model his or her intrusion detection application using only the concepts of intrusion detection, in a way that is more intuitive and more closely oriented towards his or her own domain expertise.
