Situation Aware Intrusion Detection Model
by Sumit More
Thursday, April 19, 2012, 13:00pm - Thursday, April 19, 2012, 14:00pm
ITE 325 B
The growing importance of the underlying information technology infrastructure in every business, media and manufacturing domain has led to increasing incidents of unauthorized infrastructure access, denial-of-service attacks, and theft of valuable data. Intrusion Detection Systems (IDS) are applications which monitor cyber-systems to identify malicious activity, generate an alert when such activity is detected, and redress the problem if possible. Most of the intrusion detection/prevention systems available today are based on rule-based or signature-based activity monitoring, which detects threats and vulnerabilities by cross-referencing the threat or vulnerability signatures in their databases. These Intrusion Detection Systems (IDS) face limitations in detecting newly published attacks or variants of existing attacks. Correlating information coming from multiple data channels by semantic linkage can lead to a better threat detection model. Web data sources, including blogs, chat-rooms, forums etc., can be a good source of information about upcoming attacks, or attacks whose signatures have not yet been recorded for the intrusion detection systems to catch. Semantic integration of the data sources from the web, information from IDS/IPS modules, and expert knowledge can lead to a ‘Situation Aware Intrusion Detection Model’ which yields better intrusion detection and prevention results. In this work, we present a ‘Situation Aware Intrusion Detection Model’ which makes use of semantic web technologies to build ontological relationships between the information gathered from the web, sensor data coming from IDS/IPS modules and network activity monitors, in order to detect the possibility of a cyber threat/vulnerability.
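As an added illustration (not code from the talk or its author), the semantic linkage the abstract describes can be sketched as a small triple store holding facts from the three channels (web chatter, IDS sensor alerts, expert knowledge such as an asset inventory) plus one inference rule that raises an alert to a "possible threat" situation when the web channel links it to software the alerted host runs. All identifiers, triples and the rule itself are constructed assumptions, standing in for a real ontology.

```python
"""Toy situation-aware linkage: three data channels joined by one inference rule."""
from collections import defaultdict

# Constructed (subject, predicate, object) triples; every name is hypothetical.
TRIPLES = [
    # Web channel: a forum post discusses an exploit aimed at a software version.
    ("post:123", "mentions", "exploit:x"),
    ("exploit:x", "targets", "sw:fooserver-2.1"),
    # Sensor channel: generic IDS alerts that carry no specific signature.
    ("alert:9", "observedOn", "host:web01"),
    ("alert:9", "category", "anomalous-traffic"),
    ("alert:10", "observedOn", "host:web02"),
    ("alert:10", "category", "anomalous-traffic"),
    # Expert knowledge: which host runs which software (asset inventory).
    ("host:web01", "runs", "sw:fooserver-2.1"),
    ("host:web02", "runs", "sw:barserver-3.0"),
]


class TripleStore:
    """Minimal in-memory store indexed by predicate."""

    def __init__(self, triples):
        self.by_pred = defaultdict(list)
        for s, p, o in triples:
            self.by_pred[p].append((s, o))

    def objects(self, subject, pred):
        return {o for s, o in self.by_pred[pred] if s == subject}

    def subjects(self, pred, obj):
        return {s for s, o in self.by_pred[pred] if o == obj}


def situational_threats(store):
    """Rule: alert -observedOn-> host -runs-> sw <-targets- exploit <-mentions- post.
    Only alerts that complete this chain are reported; alert:10 does not."""
    findings = []
    for alert, host in store.by_pred["observedOn"]:
        for sw in store.objects(host, "runs"):
            for exploit in store.subjects("targets", sw):
                for post in store.subjects("mentions", exploit):
                    findings.append({"alert": alert, "host": host, "software": sw,
                                     "exploit": exploit, "source": post})
    return findings


if __name__ == "__main__":
    for f in situational_threats(TripleStore(TRIPLES)):
        print("possible threat:", f)
```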