Description logics for an autonomic IDS event analysis system

Authors

W. Yan, Newark College of Engineering
E. Hou, Newark College of Engineering
N. Ansari, Newark College of Engineering

Document Type

Article

Publication Date

9-5-2006

Abstract

Internet has grown by several orders of magnitude in recent years, and this growth has escalated the importance of computer security. Intrusion Detection System (IDS) is used to protect computer networks. However, the overwhelming flow of log data generated by IDS hamper security administrators from uncovering the hidden attack scenarios. Therefore, the autonomic IDS event analysis system is essential to make the IDS console smarter and more efficient. In this paper, we propose an IDS autonomic event analysis system represented by description logics, which allows inferring the attack scenarios and enabling the attack knowledge semantic queries. The modified case grammar PCTCG is used to convert raw alerts into frame-structured alert streams, and the alert semantic network 2-AASN is used to generate the attack scenarios, which can then inform the security administrator. Afterwards, based on the alert contexts, attack scenario instances are extracted, and attack semantic query results on attack scenario instances using spreading activation technique are forwarded to the security administrator. © 2006.

Identifier

33747210407 (Scopus)

Publication Title

Computer Communications

External Full Text Location

https://doi.org/10.1016/j.comcom.2005.10.038

ISSN

01403664

First Page

2841

Last Page

2852

Issue

15

Volume

29

Recommended Citation

Yan, W.; Hou, E.; and Ansari, N., "Description logics for an autonomic IDS event analysis system" (2006). Faculty Publications. 18813.
https://digitalcommons.njit.edu/fac_pubs/18813