Situation Aware Intrusion Detection Model
May 10, 2012
Today, information technology and cyber services have become the foundation pillars of every business and manufacturing industry. The importance of cyber-services and their extensive use by every section of society has paved the way for cyber crimes like espionage, politically motivated attacks, credit card frauds, unauthorized infrastructure access, denial-of-service attacks, and stealing of valuable data. Intrusion Detection Systems (IDS) are applications that monitor cyber-systems to identify any malicious activities, generate an alert when such an activity is detected, and redress the problem if possible. Most of the intrusion detection/prevention systems available today are based on rule-based or signature-based activity monitoring, which detect threats and vulnerabilities by cross-referencing the threat or vulnerability signatures in their databases. These Intrusion Detection Systems (IDS) face limitations in detecting newly published attacks or variants of existing attacks. They are also point solutions that focus on a single system/component. We argue that integrating information from multiple data channels can lead to a better threat detection model. The data sources of the Web, including blogs, chat rooms, forums, etc., can be a good source of information for upcoming attacks or attacks whose signatures have not yet been tracked for the intrusion detection systems to catch. Semantic integration of the data sources from the web, information from IDS/IPS modules at the network and host level, and the expert knowledge can be used to create a 'Situation Aware Intrusion Detection Model', which can lead to better intrusion detection and prevention results. In this work, we present such a system that makes use of semantic web technologies to find relationships between the information gathered from the web, sensor data coming from IDS/IPS modules and network activity monitors, and reasons over this data and expert provided rules in order to detect the possibility of a cyber attack.
University of Maryland, Baltimore County
Downloads: 57 downloads