DocumentCode :
3548157
Title :
Semantic-based context-aware alert fusion for distributed Intrusion Detection Systems
Author :
Sadighian, Alireza ; Zargar, Saman Taghavi ; Fernandez, Jose M. ; Lemay, Antoine
Author_Institution :
Dept. of Comput. & Software Eng., Ecole Polytech. de Montreal, Montreal, QC, Canada
fYear :
2013
fDate :
23-25 Oct. 2013
Firstpage :
1
Lastpage :
6
Abstract :
One of the fundamental challenges in real-world Intrusion Detection Systems (IDS) is the large number of redundant, non-relevant false positive alerts that they generate. In this paper, we propose an alert fusion approach that incorporates contextual information with the goal of leveraging the benefits of multi-sensor detection while reducing false positives. To allow automated reasoning over the information resources available to the fusion process, we design a set of comprehensive and extensible ontologies and implement the fusion and detection algorithms as simple rules in the Web Ontology Language Description Logic (OWL-DL), using the Semantic Query-Enhanced Web Rule Language (SQWRL). To illustrate and evaluate our approach, we use one of the attack scenarios of the DARPA 2000 dataset. The results show that our approach reduces false positives while achieving the same detection rates as Snort and ISS RealSecure.
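The abstract describes the core mechanism only at a high level: alerts from several sensors are merged, and contextual knowledge about the targets (operating system, exposed services) is used to discount alerts that cannot be relevant. The following is an added example that is not the paper's code and does not use OWL-DL or SQWRL; it demonstrates the same two ideas in plain Python, with a hand-written asset inventory standing in for the ontology and Python functions standing in for the rules. All alerts, hosts, addresses and field names (sensor, sig, target_os, ports) are constructed for the illustration and are assumptions, not data from the DARPA 2000 scenario or from the paper.

```python
"""Context-aware alert fusion, illustrative only (not the paper's implementation).

Two steps mirror the approach described in the abstract:
  1. fusion: duplicate alerts from multiple sensors for the same (src, dst,
     port, signature) within a time window collapse into one meta-alert;
  2. context check: a meta-alert is tagged non-relevant when the exploit's
     target OS or port does not match what the asset inventory says about
     the destination host.
Sample alerts and the asset inventory below are constructed, not real data.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alert:
    sensor: str      # which IDS emitted the alert (assumed name)
    ts: float        # seconds since an arbitrary epoch
    src: str
    dst: str
    dport: int
    sig: str         # normalized signature / attack class (assumed name)
    target_os: str   # OS family the attack works against, "any" if N/A


@dataclass
class MetaAlert:
    src: str
    dst: str
    dport: int
    sig: str
    first_ts: float
    last_ts: float
    sensors: set = field(default_factory=set)
    count: int = 0          # raw alerts merged into this meta-alert
    relevant: bool = True
    reason: str = ""


# Constructed asset inventory (the "context"): OS and listening ports per host.
ASSETS = {
    "192.0.2.50": {"os": "solaris", "ports": {22, 111, 32772}},
    "192.0.2.10": {"os": "windows", "ports": {80, 139, 445}},
}


def is_relevant(a: Alert, assets: dict) -> tuple[bool, str]:
    """Context rule: keep an alert unless the inventory proves it cannot apply."""
    host = assets.get(a.dst)
    if host is None:
        return True, "unknown host; kept"          # no context, cannot discount
    if a.target_os != "any" and a.target_os != host["os"]:
        return False, f"target_os {a.target_os} != asset os {host['os']}"
    if a.dport not in host["ports"]:
        return False, f"port {a.dport} not open on {a.dst}"
    return True, "context matches"


def fuse(alerts, assets: dict, window: float = 60.0) -> list[MetaAlert]:
    """Merge alerts sharing (src, dst, dport, sig) that fall within `window`
    seconds of each other, regardless of sensor, and tag each meta-alert
    with the context verdict."""
    groups = defaultdict(list)
    for a in sorted(alerts, key=lambda x: x.ts):
        groups[(a.src, a.dst, a.dport, a.sig)].append(a)
    out = []
    for key, group in groups.items():
        cur = None
        for a in group:
            if cur is None or a.ts - cur.last_ts > window:
                cur = MetaAlert(*key, first_ts=a.ts, last_ts=a.ts)
                cur.relevant, cur.reason = is_relevant(a, assets)
                out.append(cur)
            cur.last_ts = a.ts
            cur.sensors.add(a.sensor)
            cur.count += 1
    return out


# Constructed sample alerts from two sensors (attacker and targets are
# documentation-range addresses, not hosts from any dataset).
SAMPLE_ALERTS = [
    Alert("snort", 100.0, "203.0.113.5", "192.0.2.50", 111, "rpc_sadmind_probe", "solaris"),
    Alert("realsecure", 100.5, "203.0.113.5", "192.0.2.50", 111, "rpc_sadmind_probe", "solaris"),
    Alert("snort", 101.0, "203.0.113.5", "192.0.2.50", 111, "rpc_sadmind_probe", "solaris"),
    Alert("snort", 150.0, "203.0.113.5", "192.0.2.50", 32772, "sadmind_overflow", "solaris"),
    Alert("realsecure", 151.0, "203.0.113.5", "192.0.2.50", 32772, "sadmind_overflow", "solaris"),
    # Same exploit fired at the Windows host: OS mismatch, non-relevant.
    Alert("snort", 152.0, "203.0.113.5", "192.0.2.10", 32772, "sadmind_overflow", "solaris"),
    # Windows web-server probe against the Solaris box: non-relevant.
    Alert("snort", 160.0, "203.0.113.5", "192.0.2.50", 80, "iis_unicode_traversal", "windows"),
    # Repeat of the probe well outside the window: a separate meta-alert.
    Alert("snort", 400.0, "203.0.113.5", "192.0.2.50", 111, "rpc_sadmind_probe", "solaris"),
]


def run_sample() -> list[MetaAlert]:
    return fuse(SAMPLE_ALERTS, ASSETS)


if __name__ == "__main__":
    metas = run_sample()
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(metas)} meta-alerts")
    for m in metas:
        flag = "RELEVANT" if m.relevant else "discard "
        print(f"{flag} {m.sig:22} {m.dst}:{m.dport} x{m.count} via {sorted(m.sensors)} ({m.reason})")
```

Running it collapses eight raw alerts into five meta-alerts, two of which are discarded by context; the two attacks corroborated by both sensors survive with a sensor set of size two, which is the multi-sensor benefit the abstract refers to. A real system would also need the merge key to tolerate sensors that name the same attack differently, which is exactly the kind of mapping an ontology is meant to provide.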
Keywords :
knowledge representation languages; query processing; security of data; ubiquitous computing; DARPA 2000 dataset; OWL-DL; SQWRL; automated reasoning; distributed intrusion detection systems; extensible ontologies; multi-sensor detection; Web Ontology Language Description Logic; real-world intrusion detection systems; Semantic Query-Enhanced Web Rule Language; semantic-based context-aware alert fusion; Context; Correlation; Databases; Decision making; Intrusion detection; Ontologies;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Risks and Security of Internet and Systems (CRiSIS), 2013 International Conference on
Conference_Location :
La Rochelle
Type :
conf
DOI :
10.1109/CRiSIS.2013.6766352
Filename :
6766352