An ontology-based approach to react to network attacks

Cuppens-Boulahia, Nora; Cuppens, Frédéric; Vergara, Jorge E. López de; Vazquez, Enrique Alvarez; Guerra, Javier; Debar, Hervé

doi:10.1109/crisis.2008.4757461

Cited by 20 publications

(14 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Considering the amount of research efforts targeting this area with a focus on the use of ontologies and a resource dependency graph [17,2,16,7], we will incorporate some of the introduced methods in our system in the future.…”

Section: Evaluation By System Administratorsmentioning

confidence: 99%

Towards cost-sensitive assessment of intrusion response selection

Stakhanova

Strasburg

Basu

et al. 2012

JCS

View full text Add to dashboard Cite

In recent years, cost-sensitive intrusion response has gained significant interest mainly due to its emphasis on the balance between potential damage incurred by the intrusion and cost of the response. However, one of the challenges in applying this approach is defining consistent and adaptable measurements of these cost factors on the basis of requirements and policy of the system being protected against intrusions.In this paper we present a framework for the cost-sensitive selection of intrusion response. Specifically, we introduce a set of measurements that characterize potential costs associated with the intrusion handling process and propose evaluation method of intrusion response with respect to the risk of potential intrusion damage, effectiveness of response action and response cost for a system. We provide an implementation of the proposed solution as a plugin tool for Snort IDS and demonstrate its advantages on DARPA data set and real network traffic.

show abstract

Section: Evaluation By System Administratorsmentioning

confidence: 99%

Towards cost-sensitive assessment of intrusion response selection

Stakhanova

Strasburg

Basu

et al. 2012

JCS

View full text Add to dashboard Cite

show abstract

“…One system that utilizes ontology to aid in intrusion detection is the Reaction after Detection (ReD) Project [4]. The primary goal of ReD was to determine the most appropriate reaction, both short and long term, to an identified attack.…”

Section: Related Workmentioning

confidence: 99%

An ontology-based system to identify complex network attacks

Frye

Cheng

Heflin

2012

2012 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

“…The ontology and the inference engine were used as an event aggregation language to confirm the existence of an attack on a wired network. Cuppens-Boulahia et al [16] presented an approach to react to network attacks using an ontology to store policy information and to generate new security models. The policy information models can be combined to prove the instantiation of the policies.…”

Section: Ontologymentioning

confidence: 99%

Applying an Ontology to a Patrol Intrusion Detection System for Wireless Sensor Networks

Hsieh

Chen

Huang

2014

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

With the increasing application of wireless sensor networks (WSN), the security requirements for wireless sensor network communications have become critical. However, the detection mechanisms of such systems impact the effectiveness of the entire network. In this paper, we propose a lightweight ontology-based wireless intrusion detection system (OWIDS). The system applies an ontology to a patrol intrusion detection system (PIDS). A PIDS is used to detect anomalies via detection knowledge. The system constructs the relationship of the sensor nodes in an ontology to enhance PIDS robustness. The sensor nodes preload comparison methods without detection knowledge. The system transfers a portion of the detection knowledge to detect anomalies. The memory requirement of a PIDS is lower than that of other methods which preload entire IDS. Finally, the isolation tables prevent repeated detection of an anomaly. The system adjusts detection knowledge until it converges. The experimental results show that OWIDS can reduce IDS (intrusion detection system) energy consumption.

show abstract

An ontology-based approach to react to network attacks

Cited by 20 publications

References 11 publications

Towards cost-sensitive assessment of intrusion response selection

Towards cost-sensitive assessment of intrusion response selection

An ontology-based system to identify complex network attacks

Applying an Ontology to a Patrol Intrusion Detection System for Wireless Sensor Networks

Contact Info

Product

Resources

About