UMBC ebiquity

Modeling Computer Attacks: An Ontology for Intrusion Detection

Authors: J. Undercofer, Anupam Joshi, and John Pinkston

Book Title: The Sixth International Symposium on Recent Advances in Intrusion Detection

Date: September 16, 2003

Abstract: We state the benefits of transitioning from taxonomies to ontologies and ontology specification languages, which are able to simultaneously serve as recognition, reporting and correlation languages. We have produced an ontology specifying a model of computer attack using the DARPA Agent Markup Language+Ontology Inference Layer, a descriptive logic language. The ontologyrsquos logic is implemented using DAMLJessKB. We compare and contrast the IETFrsquos IDMEF, an emerging standard that uses XML to define its data model, with a data model constructed using DAML+OIL. In our research we focus on low level kernel attributes at the process, system and network levels, to serve as those taxonomic characteristics. We illustrate the benefits of utilizing an ontology by presenting use case scenarios within a distributed intrusion detection system.

Type: InProceedings

Edition: LNCS-2516

Publisher: Springer

Tags: security, semantic web, intrusion detection, ontology

Google Scholar: search

Number of Google Scholar citations: 19 [show citations]

Number of downloads: 3182

 

Available for download as


size: 240967 bytes
 

Related Projects:

Past Project

 Semantic Situational Awareness for Intrusion Detection.