Semantic-based context-aware alert fusion for distributed Intrusion Detection Systems

2013 International Conference on Risks and Security of Internet and Systems, CRiSIS 2013

Volumn , Issue , 2013, Pages

  Sadighian, Alireza ^a   Zargar, Saman Taghavi ^b   Fernandez, José M ^a   Lemay, Antoine ^a  

^a ÉCOLE POLYTECHNIQUE DE MONTRÉAL   (Canada)

^b UNIVERSITY OF PITTSBURGH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; DATA DESCRIPTION; SECURITY OF DATA; SEMANTICS;

ATTACK SCENARIOS; AUTOMATED REASONING; CONTEXTUAL INFORMATION; DETECTION ALGORITHM; DISTRIBUTED INTRUSION DETECTION SYSTEMS; INFORMATION RESOURCE; INTRUSION DETECTION SYSTEMS; MULTI-SENSOR DETECTION;

SEMANTIC WEB;

EID: 84899419846     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CRiSIS.2013.6766352     Document Type: Conference Paper

References (26)

1. C. Thomas, and N. Balakrishnan, Improvement in intrusion detection with advances in sensor fusion, IEEE Trans. on Information Forensics and Security, Vol. 4, pp. 542-551, 2009.
2. C. Siaterlis and B. Maglaris. Towards multisensor data fusion for DoS detection, ACM Symp. on Applied computing. ACM, pp. 439-446, 2004.
3. R. Perdisci, G. Gu, and W. Lee, Using an ensemble of one-class SVM classifiers to harden payload-based anomaly detection systems, IEEE Int. Conf. on Data Mining (ICDM'06), 2006.
4. M. Wozniak, Classifier Fusion Based on Weighted Voting-Analytical and Experimental Results, IEEE Intelligent Systems Design and Applications (ISDA), 2008.
5. S. Raudys, and F. Roli, The behavior knowledge space fusion method: Analysis of generalization error and strategies for performance improvement, Multiple Classifier Systems, pp. 160-160, 2003.
6. N.B. Amor, S. Benferhat, and Z. Elouedi, Näve bayesvs decision trees in intrusion detection systems, ACM Symp. on Applied computing, pp. 420-424, 2004.
7. W. Hu, J. Li, and Q. Gao, Intrusion Detection Engine on Dempster-Shafer's Theory of Evidence, Int. Conf. on Communications, Circuits and Systems, Vol. 3, pp. 1627-1631, 2006.
8. A.P.F. Chan, W.W.Y. Ng, D.S. Yeung, and E.C.C. Tsang, Comparison of different fusion approaches for network intrusion detection using ensemble of RBFNN, Int. Conf. on Machine Learning and Cybernetics, Vol. 6, 2005.
9. F. Valeur, G. Vigna, C. Kruegel, and R.A. Kemmerer, A comprehensive approach to intrusion detection alert correlation, IEEE Trans. on dependable and secure computing, pp. 146-169, 2004.
10. B. Zhu, and A.A. Ghorbani, Alert correlation for extracting attack strategies, Int. J. of Network Security, Vol. 3, No. 3, pp. 244-258, 2006.
11. G. Gu, A. Ćardenas, and W. Lee, Principled reasoning and practical applications of alert fusion in intrusion detection systems, ACM Symp. on Information, computer and communications security, pp. 136-147, 2008.
12. F. Gagnon, F. Massicotte, and B. Esfandiari, Using Contextual Information for IDS Alarm Classification, Conf. on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), pp. 147-156, 2009.
13. S. Sinha, F. Jahanian, and J.M. Patel, WIND: workload-aware INtrusion detection, Int. conference on Recent Advances in Intrusion Detection (RAID), pp. 290-310, 2006.
14. A. Vorobiev, and N. Bekmamedova, An ontology-driven approach applied to information security, J. of Research and Practice in Information Technology, Vol. 42, No. 1, 2010.
15. L. Coppolino, S. DAntonio, I. Elia, and L. Romano, From intrusion detection tointrusion detection and diagnosis: An ontology-based approach, Software Technologies for Embedded and Ubiquitous Systems, pp. 192-202, 2009.
16. J.A. Wang, and M. Guo, OVM: An ontology for vulnerability management, Work. on Cyber Security and Information Intelligence Research, pp. 1-4, ACM, 2009.
17. M. Roesch, Snort-lightweight intrusion detection for networks, 13th USENIX Conf. on System administration, 1999.
18. H. Debar, D.A. Curry, and B.S. Feinstein, The intrusion detection message exchange format (IDMEF), 2007.
19. K. Zaraska, Prelude IDS: current state and development perspectives, [online] http://www.prelude-ids. org/download/misc/pingwinaria/2003/paper.pdf.
20. C. Nyulas, M. O'Connor, and S. Tu, Datamastera plug-in for importing schemas and data from relational databases into protege., 10th Int. Prot́eǵe Conf., 2007.
21. B. Parsia, and E. Sirin, Pellet: An owl dl reasoner, 3rd Int. Semantic Web Conf.-Poster, page 18, 2004.
22. E. Friedman-Hill et al., Jess, the rule engine for the java platform, 2003.
23. M. O'Connor and A.K. Das, SQWRL: A query language for owl, 6th OWL: Experiences and Directions Work. (OWLED2009), 2009.
24. MIT Lincoln Laboratory, 2000 DARPA intrusion detection scenario specific data sets, 2000.
25. S. T. Zargar, J. Joshi, and D. Tipper, A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks, IEEE Communications Surveys &Tutorials, vol.PP, no.99, pp. 1-24.
26. North Carolina State University Cyber Defense Laboratory, Tiaa: A toolkit for intrusion alert analysis, [online] http://discovery.csc.ncsu.edu/software/ correlator/ver0.4/index.html.