Abstract
In recent years, cyber-attacks have become widespread, and they have serious consequences. Countering them requires fully functioning intrusion detection systems with improved performance. For this purpose, we use ontologies to provide semantic expressiveness and knowledge description for an intrusion detection system. In this work, a host intrusion detection system is implemented using ontologies. The proposed system scans for malware running on the operating system: the services and processes running on the system are enumerated and compared with a malware database. If a match occurs, the system displays a list of the matching malware together with its recorded information and the location where it is running. The proposed ontology-based intrusion detection system aims to reduce the search time of malware scanning and to improve the performance of intrusion detection systems.
© 2017 Springer International Publishing AG
Can, O., Unalir, M.O., Sezer, E., Bursa, O., Erdogdu, B. (2017). An Ontology Based Approach for Host Intrusion Detection Systems. In: Garoufallou, E., Virkus, S., Siatri, R., Koutsomiha, D. (eds) Metadata and Semantic Research. MTSR 2017. Communications in Computer and Information Science, vol 755. Springer, Cham. https://doi.org/10.1007/978-3-319-70863-8_8
DOI: https://doi.org/10.1007/978-3-319-70863-8_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70862-1
Online ISBN: 978-3-319-70863-8