DocumentCode :
2940198
Title :
Preprocessor of Intrusion Alerts Correlation Based on Ontology
Author :
Li, Wan ; Tian, ShengFeng
Author_Institution :
Sch. of Comput. & Inf. Technol., Beijing Jiaotong Univ., Beijing
Volume :
3
fYear :
2009
fDate :
6-8 Jan. 2009
Firstpage :
460
Lastpage :
464
Abstract :
Intrusion detection systems (IDS) often produce a large number of poor-quality alerts, which are insufficient to support rapid identification of ongoing attacks or prediction of an intruder's next likely goal. Several alert correlation techniques have been proposed to facilitate the analysis of intrusion alerts. However, many of them work directly on the alerts and do not distinguish between alerts and intruders' attack actions. In addition, many are not grounded in any standard taxonomy; their associated classification schemes are ad hoc and localized. This paper focuses on reducing alerts to attack actions using the IDMEF and CVE standards in the preprocessor of our ontology-based intrusion alert correlation system. First, we introduce our intrusion alert correlation system. Then we present each module of the preprocessor: the local preprocessor, the IDMEF parser, the alert-to-attack module and the attack-to-ontology module.
Keywords :
XML; grammars; ontologies (artificial intelligence); pattern classification; security of data; CVE standard; IDMEF parser; XML format; classification scheme; intrusion alert correlation system preprocessor; intrusion detection message exchange format; intrusion detection system; ontology module; Data models; Filters; Information technology; Intrusion detection; OWL; Ontologies; Software systems; Standardization; Taxonomy; XML; alerts correlation; intrusion detection; ontology; preprocessor;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Communications and Mobile Computing, 2009. CMC '09. WRI International Conference on
Conference_Location :
Yunnan
Print_ISBN :
978-0-7695-3501-2
Type :
conf
DOI :
10.1109/CMC.2009.63
Filename :
4797296