UMBC ebiquity

Semantic Situational Awareness for Intrusion Detection

Status: Past project

Project Description:
We are developing a situation-aware intrusion detection system that integrates heterogeneous sources of information to build and maintain a semantically rich knowledge-base about cyber threats and vulnerabilities. Most current intrusion detection and prevention systems rely on signature-based approaches to detect attacks. When an attack signature is not available, such as for a new exploit or a significantly modified known one, such systems are much less effective. Moreover, these intrusion detection systems are point-based solutions which do not make effective use of heterogeneous data sources, which can provide im-portant information related to intrusions which are not yet available as signature patterns. This information can also help detect low-and-slow attacks in which small intrusions that are spatially and temporally apart combine to build a more elaborate attack.

Start Date: January 2011

End Date: December 2015

Principal Investigator:
Tim Finin
Anupam Joshi

M. Lisa Mathews

Sumit More

Tags: cybersecurity, ids, intrusion detection


There are 9 associated publications:  Hide the list...

9 Refereed Publications


1. M. Lisa Mathews et al., "A Collaborative Approach to Situational Awareness for CyberSecurity", InProceedings, 8th IEEE Int. Conf. on Collaborative Computing: Networking, Applications and Worksharing, October 2012, 1114 downloads.

2. Sumit More et al., "A Semantic Approach to Situational Awareness for Intrusion Detection", InProceedings, Proceedings of the National Symposium on Moving Target Research, June 2012, 1834 downloads.

3. Sumit More et al., "A Knowledge-Based Approach To Intrusion Detection Modeling", InProceedings, Proceedings of the IEEE Workshop on Semantic Computing and Security, May 2012, 1602 downloads.


4. Varish Mulwad et al., "Extracting Information about Security Vulnerabilities from Web Text", InProceedings, Proceedings of the Web Intelligence for Information Security Workshop, August 2011, 2212 downloads.


5. J. Undercofer, "Intrusion Detection: Modeling System State to Detect and Classify Aberrant Behavior", PhdThesis, University of Maryland, Baltimore County, February 2004, 6631 downloads.

6. J. Undercofer et al., "Using DAML+ OIL to classify intrusive behaviours", Article, Knowledge Engineering Review, January 2004, 440 downloads.


7. J. Undercofer et al., "Data Mining, Semantics and Intrusion Detection: What to dig for and Where to find it", InBook, Next Generation Data Mining, December 2003.

8. J. Undercofer et al., "Modeling Computer Attacks: An Ontology for Intrusion Detection", InProceedings, The Sixth International Symposium on Recent Advances in Intrusion Detection, September 2003, 3403 downloads.

9. J. Undercofer et al., "A Target-Centric Ontology for Intrusion Detection", InProceedings, Workshop on Ontologies in Distributed Systems, held at The 18th International Joint Conference on Artificial Intelligence, July 2003, 813 downloads.


There are 0 associated resources:  Hide the list...


Research Areas:
 Context-Aware Computing
 Security, Trust and Privacy
 Semantic Web