UMBC ebiquity

On Web, Semantics, and Data Mining: Intrusion Detection as a Case Study

Authors: Anupam Joshi

Book Title: Proceedings of the NSF Workshop on Next Generation Data Mining

Date: May 01, 2003

Abstract: We examine the intersection of data mining and semantic web in this paper. We briefly identify some points where they can impact one another, and then develop a specific example of intrusion detection, an application of distributed data mining. We have produced an ontology specifying a model of computer attacks. Our model is based upon an analysis of over 4,000 classes of computer attacks and their corresponding attack strategies using data derived from CERT/CC advisories and NIST’s ICAT meta-base. We present our attack model first as a taxonomy and convert it to a target-centric ontology that will be refined and expanded over time. We state the benefits of forgoing dependence upon taxonomies for the classification of computer attacks and intrusions, in favor of ontologies. We illustrate the benefits of utilizing an ontology by comparing a use case scenario of our ontology and the IETF’s Intrusion Detection Exchange Message Format Data Model.

Type: InProceedings

Tags: semantic web, security, intrusion detection

Google Scholar: dOWx4N1h8eAJ

Number of Google Scholar citations: 4

Number of downloads: 2473

 

Available for download as


size: 96025 bytes
 

Related Projects:

Past Project: Intrusion Detection.