A Description Logic based approach for IDS security information management
Document Type
Conference Proceeding
Publication Date
12-1-2005
Abstract
The upsurge of network Distributed Denial of Service (DDoS) attacks on computer networks demands great effort in network security management. Currently, Intrusion Detection Systems (IDSs) are used to secure computer networks. However, IDSs may generate a huge volume of alerts, making it hard for security administrators to uncover hidden attack scenarios. In this paper, we propose a Description Logic-based approach for IDS event semantic analysis, which allows attack scenarios to be inferred and enables semantic queries over attack knowledge. Using an Attack Knowledge Base consisting of an ABox and a TBox, IDS alerts are converted into machine-understandable, uniform alert streams. The ontology and attack instances of the Attack Knowledge Base are applied to derive attack scenarios. The attack semantic query is then implemented with a spreading activation technique, which enables administrators to query the intrusion state of the networks.
Identifier
33746614435 (Scopus)
ISBN
[0780388542, 9780780388543]
Publication Title
2005 IEEE Sarnoff Symposium on Advances in Wired and Wireless Communication
External Full Text Location
https://doi.org/10.1109/SARNOF.2005.1426503
First Page
25
Last Page
28
Volume
2005
Recommended Citation
Yan, Wei; Hou, Edwin; and Ansari, Nirwan, "A Description Logic based approach for IDS security information management" (2005). Faculty Publications. 19407.
https://digitalcommons.njit.edu/fac_pubs/19407
