Semantic Situational Awareness for Intrusion Detection
January 1, 2011 - December 1, 2015
We are developing a situation-aware intrusion detection system that integrates heterogeneous sources of information to build and maintain a semantically rich knowledge base about cyber threats and vulnerabilities. Most current intrusion detection and prevention systems rely on signature-based approaches to detect attacks. When an attack signature is not available, such as for a new exploit or a significantly modified known one, such systems are much less effective. Moreover, these intrusion detection systems are point-based solutions that do not make effective use of heterogeneous data sources, which can provide important information about intrusions for which no signature pattern yet exists. This information can also help detect low-and-slow attacks, in which small intrusions that are spatially and temporally apart combine to build a more elaborate attack.
Publications
2012
- M. L. Mathews, P. Halvorsen, A. Joshi, and T. Finin, "A Collaborative Approach to Situational Awareness for CyberSecurity", InProceedings, 8th IEEE Int. Conf. on Collaborative Computing: Networking, Applications and Worksharing, October 2012, 2075 downloads.
- S. More, M. L. Mathews, A. Joshi, and T. Finin, "A Semantic Approach to Situational Awareness for Intrusion Detection", InProceedings, Proceedings of the National Symposium on Moving Target Research, June 2012, 3523 downloads.
- S. More, M. L. Mathews, A. Joshi, and T. Finin, "A Knowledge-Based Approach To Intrusion Detection Modeling", InProceedings, Proceedings of the IEEE Workshop on Semantic Computing and Security, May 2012, 2399 downloads.
2011
- V. Mulwad, W. Li, A. Joshi, T. Finin, and K. Viswanathan, "Extracting Information about Security Vulnerabilities from Web Text", InProceedings, Proceedings of the Web Intelligence for Information Security Workshop, August 2011, 3341 downloads.
2004
- , "Intrusion Detection: Modeling System State to Detect and Classify Aberrant Behavior", PhdThesis, University of Maryland, Baltimore County, February 2004, 7434 downloads.
- A. Joshi, T. Finin, and J. Pinkston, "Using DAML+OIL to classify intrusive behaviours", Article, Knowledge Engineering Review, January 2004, 1480 downloads, 3 citations.
2003
- A. Joshi, "Data Mining, Semantics and Intrusion Detection: What to dig for and Where to find it", InBook, Next Generation Data Mining, December 2003, 2 citations.
- A. Joshi and J. Pinkston, "Modeling Computer Attacks: An Ontology for Intrusion Detection", InProceedings, The Sixth International Symposium on Recent Advances in Intrusion Detection, September 2003, 4872 downloads, 19 citations.
- J. Pinkston, A. Joshi, and T. Finin, "A Target-Centric Ontology for Intrusion Detection", InProceedings, Workshop on Ontologies in Distributed Systems, held at The 18th International Joint Conference on Artificial Intelligence, July 2003, 1777 downloads, 50 citations.