Using DAML + OIL to classify intrusive behaviours

Knowledge Engineering Review

Volumn 18, Issue 3, 2003, Pages 221-241

  Undercoffer, Jeffrey ^a   Joshi, Anupam ^a   Finin, Tim ^a   Pinkston, John ^a  

^a Baltimore County   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER ARCHITECTURE; COMPUTER PROGRAMMING LANGUAGES; INFERENCE ENGINES; INTERNET; KNOWLEDGE BASED SYSTEMS; MATHEMATICAL MODELS;

ANOMALY DETECTORS; COMPUTER ATTACKS; INTRUSION DETECTION SYSTEMS; ONTOLOGY;

COMPUTER SOFTWARE;

EID: 2942530528     PISSN: 02698889     EISSN: None     Source Type: Journal    
DOI: 10.1017/S0269888904000049     Document Type: Article

References (46)

1. Allen, J, Christie, A, Fithen, W, McHugh, J, Pickel, J and Stoner, E, 2000, "State of the practice of intrusion detection technologies" Technical Report 99TR028, Carnegie Mellon Software Engineering Institute.
2. Amoroso, EG, 1994, Fundamentals of Computer Security Technology Prentice-Hall.
3. Anderson, JP, 1980, "Computer security, threat monitoring, and surveillance" Technical report, James P. AndersonCo.
4. Aslam, T, Krusl, I and Spafford, E, 1996, "Use of a taxonomy of security faults" Proceedings of the 19th National Information Systems Security Conference.
5. Boley, D, 1998, "Principal direction divisive partitioning" Data Mining and Knowledge Discovery 4(2) 325-344.
6. Mahalanobis, PC, 1930, "On tests and measures of groups divergence" International Journal of the Asiatic Society of Bengal NN-NN.
7. Curry, D and Debar, H, 2003, "Intrusion detection message exchange format data model and extensible markup language (xm1) document type definition" available at http://www.ietf.org/internet-drafts/draft-ietf- idwg-idmef-xm1-10.txt.
8. Denning, DE, 1987, "An intrusion detection model" IEEE Transactions on Software Engineering 13(2) 222-232.
9. Doyle, J, Kohane, I, Long, W, Shrobe, H and Szolovits, P, 2001, "Event recognition beyond signature and anomaly" 2nd IEEE-SMC Information Assurance Workshop.
10. Eckmann, S, Vigna, G and Kemmerer, R, 2002, "STATL: an attack language for state-based intrusion detection" Journal of Computer Security 10(1/2) 71-104.
11. Fikes, R and McGuinness, DL, 2001, "An axiomatic semantics for RDF, RDF-S, and DAML+OIL" available at http://www.w3.org/TR/daml+oil-axioms.
12. Frank, G, Jenkins, J and Fikes, R, 2003, "JTP: an object oriented modular reasoning system" available at http://kst.stanford.edu/software/ jtp.
13. Friedman-Hill, EJ, 1977, "Jess, the Java Expert System Shell" available at http://herzberg.ca.sandia.gov/jess/docs/52/.
14. Gartner, Inc., 2003, "Gartner information security hype cycle declares intrusion detection systems a market failure".
15. Glass, RL and Vessey, I, 1995, "Contemporary application-domain taxonomies" IEEE Software 63-76.
16. Golub, GH and Loan, CFV, 1989, Matrix Computations The Johns Hopkins University Press.
17. Goubault-Larrecq, J, 2001, "An introduction to LogWeaver (v2.8)" available at http://www.lsv.ens-cachan.fr/~goubault/DICO/tutorial. pdf.
18. Gruber, TF, 1993, "A translation approach to portable ontologies" Knowledge Acquisition 5(2) 199-220.
19. Guha, B and Mukherjee, B, 1997, "Network security via reverse engineering of TCP code: vulnerability analysis and proposed solutions" IEEE Networks 40-48.
20. Haarslev, V and Moller, R, 2001, "RACER: Renamed ABox and Concept Expression Reasoner" available at http://www.cs.concordia.ca/~faculty/ haarslev/racer/index.html, June.
21. Haines, JW, Rossey, LM, Lippman, RP and Cunningham, RK, 2001, "Extending the DARPA off-line intrusion detection evaluations" DARPA Information Survivability Conference and Exposition II 1 77-88.
22. Hofmeyr, S, Forrest, S and Somayaji, A, 1998, "Intrusion detection using sequences of system calls" Journal of Computer Security 6 151-180.
23. Horrocks, I, Sattler, U and Tobies, S, 2000, "Reasoning with individuals for the description logic SHIQ" Proceedings of the 17th International Conference on Automated Deduction.
24. Hendler, J, 2001, "DARPA agent markup language+ontology interface layer" available at http://www.daml.org/2001/03/daml+oil-index.
25. Kemmerer, RA and Vigna, G, 2002, "Intrusion detection: a brief history and overview" Security and Privacy: A Supplement to IEEE Computer Magazine 27-30.
26. Kendall, K, 1999, "A database of computer attacks for the evaluation of intrusion detection systems" Master's thesis, MIT.
27. Kopena, J, 2002, "DAMLJessKB" available at http://edge.mcs. drexel.edu/assemblies/software/damljesskb/articles/DAMLJessKB-2002.pdf.
28. Krishnapuram, R, Joshi, A, Nasraoui, O and Yi, L, 2001, "Low-complexity fuzzy relational clustering algorithms for Web mining" IEEE transactions on Fuzzy Systems 9.
29. Krusl, I, 1998, "Software vulnerability analysis" Ph.D. thesis, Purdue.
30. Landwehr, CE, Bull, AR, McDermott, JP and Choi, WS, 1994, "A taxonomy of computer program security flaws" ACM Computing Surveys 26(3) 211-254.
31. Lee, W and Stolfo, SJ, 1998, "Data mining approaches for intrusion detection" Proceedings of the 7th USENIX Security Symposium.
32. Lindqvist, U and Jonsson, E, 1997, "How to systematically classify computer security intrusions" Proceedings of the 1997 IEEE Symposium on Security and Privacy 154-163.
33. Lindqvist, U and Porras, PA, 1999, "Detecting computer and network misuse through the production-based system toolset (p-best)" Proceedings of the 1999 IEEE Symposium on Security and Privacy 146-161.
34. Lippmann, R, Fried, D, Graf, I, Haines, J, Kendall, K, McClung, D, Weber, D, Webster, S, Wyschogrod, D, Cunningham, R and Zissman, M, 2000, "Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation" Proceedings of the DARPA Information Survivability Conference and Exposition, 2000 12-26.
35. McHugh, J, 2000, "Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory" ACM Transactions on Information and System Security VOL(iss) NN-NN.
36. Ning, P, Jajodia, S and Wang, XS, 2001, "Abstraction-based intrusion in distributed environments" ACM Transactions on Information and Systems Security 4(4) 407-452.
37. Raskin, V, Hempelmann, CF, Triezenberg, KE and Nirenburg, S, 2001, "Ontology in information security: a useful theoretical foundation and methodological tool" Proceedings of NSPW-2001 53-59.
38. Roger, M and Goubault-Larrecq, J, 2001, "Log auditing through model checking" Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW'01) 220-236.
39. Simpson, GG, 1961, Principals of Animal Taxonomy Columbia University Press.
40. Staab, S and Maedche, A, 2000, "Ontology engineering beyond the modeling of concepts and relations" Proceedings of the 14th European Conference on Artificial Intelligence.
41. Undercoffer, J, Perich, P, Cedilnik, A, Kagal, L and Joshi, A, 2003, "A secure infrastructure for service discovery and access in pervasive computing" Mobile Networks and Applications: Special Issue on Security 8(2) 113-126.
42. Undercoffer, J and Pinkston, J, 2002, "An empirical analysis of computer attacks and intrusions" Technical Report TR-CS-03-11, University of Maryland, Baltimore County.
43. W3C, 2003, "Extensible Markup Language" available at http://www.w3c.org/XML/.
44. W3C, 2001, "Extended backus-naur form grammer for n triples", available at http://www.w3.org/2001/sw/RDFCore/ntriples/.
45. Websters, Inc, 1993, Merriam-Webster's Collegiate Dictionary Merriam-Webster, Inc.
46. Wulf, W, 2001, "Statement before the House Science Committee, U.S. House of Representatives, given 10 October.