Title :
A description logic based approach for IDS security information management
Author :
Yan, Wei ; Hou, Edwin ; Ansari, Nirwan
Author_Institution :
Dept. of Electr. & Comput. Eng., New Jersey Inst. of Technol., Newark, NJ
Abstract :
The upsurge of network distributed denial of service (DDoS) attacks on computer networks demands great effort in network security management. Currently, intrusion detection systems (IDS) are used to secure computer networks. However, an IDS may generate a huge volume of alerts, making it hard for security administrators to uncover hidden attack scenarios. In this paper, we propose a description logic-based approach for IDS event semantic analysis, which supports inferring attack scenarios and enables semantic queries over attack knowledge. Using an attack knowledge base consisting of an ABox and a TBox, IDS alerts are converted into machine-understandable uniform alert streams. The ontology and attack instances of the attack knowledge base are applied to derive attack scenarios. The attack semantic query is then implemented by the spreading activation technique, which enables administrators to query the intrusion states of the networks.
Keywords :
computer network management; information management; security of data; telecommunication security; Abox; DDoS attacks; IDS event semantic analysis; Tbox; attack knowledge base; computer networks; description logic; intrusion detection systems; intrusion state querying; machine-understandable uniform alert streams; network distributed denial of service; network security management; ontology; security information management; spreading activation technique; Computer network management; Computer security; Data security; Information management; Information security; Intrusion detection; Knowledge representation; Logic; Ontologies; Wide area networks;
Conference_Title :
Advances in Wired and Wireless Communication, 2005 IEEE/Sarnoff Symposium on
Conference_Location :
Princeton, NJ
Print_ISBN :
0-7803-8854-2
DOI :
10.1109/SARNOF.2005.1426503