Semantic Situational Awareness for Intrusion Detection

January 1, 2011 - December 1, 2015

We are developing a situation-aware intrusion detection system that integrates heterogeneous sources of information to build and maintain a semantically rich knowledge base about cyber threats and vulnerabilities. Most current intrusion detection and prevention systems rely on signature-based approaches to detect attacks. When an attack signature is not available, as for a new exploit or a significantly modified known one, such systems are much less effective. Moreover, these intrusion detection systems are point-based solutions that do not make effective use of heterogeneous data sources, which can provide important information about intrusions that is not yet available as signature patterns. This information can also help detect low-and-slow attacks, in which small intrusions that are spatially and temporally separated combine to build a more elaborate attack.

cybersecurity, ids, intrusion detection

Students

  1. M. Lisa Mathews

Alumni

  1. Sumit More

Principal Investigator

  1. Tim Finin
  2. Anupam Joshi

Publications

2012

  1. M. L. Mathews, P. Halvorsen, A. Joshi, and T. Finin, "A Collaborative Approach to Situational Awareness for CyberSecurity", InProceedings, 8th IEEE Int. Conf. on Collaborative Computing: Networking, Applications and Worksharing, October 2012, 2198 downloads.
  2. S. More, M. L. Mathews, A. Joshi, and T. Finin, "A Semantic Approach to Situational Awareness for Intrusion Detection", InProceedings, Proceedings of the National Symposium on Moving Target Research, June 2012, 3731 downloads.
  3. S. More, M. L. Mathews, A. Joshi, and T. Finin, "A Knowledge-Based Approach To Intrusion Detection Modeling", InProceedings, Proceedings of the IEEE Workshop on Semantic Computing and Security, May 2012, 2531 downloads.

2011

  1. V. Mulwad, W. Li, A. Joshi, T. Finin, and K. Viswanathan, "Extracting Information about Security Vulnerabilities from Web Text", InProceedings, Proceedings of the Web Intelligence for Information Security Workshop, August 2011, 3489 downloads.

2004

  1. , "Intrusion Detection: Modeling System State to Detect and Classify Aberrant Behavior", PhdThesis, University of Maryland, Baltimore County, February 2004, 7540 downloads.

2003

  1. A. Joshi, "Data Mining, Semantics and Intrusion Detection: What to dig for and Where to find it", InBook, Next Generation Data Mining, December 2003, 2 citations.
  2. J. Undercoffer, A. Joshi, and J. Pinkston, "Modeling Computer Attacks: An Ontology for Intrusion Detection", InProceedings, The Sixth International Symposium on Recent Advances in Intrusion Detection, September 2003, 5043 downloads, 19 citations.
  3. J. Undercoffer, A. Joshi, T. Finin, and J. Pinkston, "Using DAML+OIL to classify intrusive behaviours", Article, Knowledge Engineering Review, September 2003, 1604 downloads, 3 citations.
  4. J. Pinkston, J. Undercoffer, A. Joshi, and T. Finin, "A Target-Centric Ontology for Intrusion Detection", InProceedings, Proceedings of the IJCAI-03 Workshop on Ontologies and Distributed Systems, July 2003, 1907 downloads, 150 citations.