Intrusion Correlation Using Ontologies and Multi-agent Systems

Cited by: 0
Authors
Isaza, Gustavo [1 ]
Castillo, Andres [2 ]
Lopez, Marcelo [1 ]
Castillo, Luis [3 ]
Lopez, Manuel [1 ]
Affiliations
[1] Univ Caldas, Syst & Informat Dept, St 65 26-10, Manizales, Colombia
[2] Univ Salamanca, Language Informat Syst & Software Engn, Madrid, Spain
[3] Univ Nacl Colombia, Dept Ind Engn, Bogota, Colombia
Source
INFORMATION SECURITY AND ASSURANCE | 2010 / Vol. 76
Keywords
Ontology; Intrusion Detection; Intrusion Prevention; Alert Correlation; Semantic IDS; SECURITY;
DOI
Not available
Chinese Library Classification
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
This paper proposes an ontology model for representing intrusion detection events and prevention rules, integrating multi-agent systems based on unsupervised and supervised techniques for classification, correlation and pattern recognition. The semantic model describes attack signatures, reaction tasks, and axioms for alert communication and correlation; in addition, we have developed the prevention architecture integrated with other security tools. This article focuses on the approach of incorporating semantic operations that facilitate the alert correlation process and provide inference and reasoning over the ontology model.
Pages: 51 / +
Page count: 3