SOID: An Ontology for Agent-Aided Intrusion Detection

Martin, Francisco J.; Plaza, Enric

doi:10.1007/978-3-540-45224-9_165

Francisco J. Martin⁹ &
Enric Plaza¹⁰

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 2773))

Included in the following conference series:

International Conference on Knowledge-Based and Intelligent Information and Engineering Systems

1212 Accesses

Abstract

We introduce SOID, a Simple Ontology for Intrusion Detection, that allows an agent-aided intrusion detection tool called Alba (ALert BArrage) to reason about computer security incidents at a higher level of abstraction than most current intrusion detection systems do.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 74.99; Price excludes VAT (USA)

Softcover Book: USD 99.00; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Anderson, J.P.: Computer security threat monitoring and surveillance. Technical report, James P. Anderson Co, Fort Whanington, PA, USA (1980)
Google Scholar
Axelsson, S.: The base-rate fallacy and the difficulty of intrusion detection. ACM Transactions on Information and System Security 3, 186–205 (2000)
Google Scholar
White, M.G.B., Fisch, E.A., Pooch, U.W.: Cooperating security managers: A peer-based intrusion detection system. IEEE Network 10, 20–23 (1996)
Google Scholar
Spafford, E.H., Zamboni, D.: Intrusion detection using autonomous agents. Computer Networks 34, 547–570 (2000)
Article Google Scholar
Carver, C.A., Hill, J.M., Surdu, J.R., Pooch, U.W.: A methodology for using intelligent agents to provide automated intrusion response. In: Proc. of the IEEE Workshop on Information Assurance and Security, West Point, NY, pp. 110–116 (2000)
Google Scholar
Gorodetski, V.I., Popyack, L.J., Kotenko, I.V., Skormin, V.A.: Ontology-based multi-agent model of information security system. In: Zhong, N., Skowron, A., Ohsuga, S. (eds.) RSFDGrC 1999. LNCS (LNAI), vol. 1711, pp. 528–532. Springer, Heidelberg (1999)
Chapter Google Scholar
Stevens, R., Bechhofer, S., Goble, C.: Ontology-based Knowledge Representation for Bioinformatics. Briefings in Bioinformatics 1 (2000)
Google Scholar
Arcos, J., Plaza, E.: Inference and reflection in the object-centered representation language Noos. Journal of Future Generation Computer Systems 12, 173–188 (1996)
Google Scholar
Goldman, R.P., Heimerdinger, W., Harp, S.A., Geib, C.W., Thomas, V., Carter, R.L.: Information modeling for intrusion report aggregation. In: DICEX (2001)
Google Scholar
Howard, J.D., Longstaff, T.A.: A common language for computer security incidents. Technical Report SAND98-8667, Sandia National Laboratories (1998)
Google Scholar
Martin, F.J., Plaza, E.: Case-based sequence analysis for intrusion detection (2003) (Submitted)
Google Scholar
Morin, B., Mé, L., Debar, H., Ducassé, M.: M2d2: A formal data model for ids alert correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 115–137. Springer, Heidelberg (2002)
Chapter Google Scholar
Porras, P.A., Fong, M.W., Valdes, A.: A mission-impact-based approach to INFOSEC alarm correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 95–114. Springer, Heidelberg (2002)
Chapter Google Scholar
Ning, P., Jajodia, S., Wang, X.S.: Abstraction-based intrusion detection in distributed environments. ACM Transactions on Information and System Security 4, 407–452 (2001)
Article Google Scholar
Undercoffer, J., Pinkston, J.: Modeling computer attacks: A target-centric ontology for intrusion detection. In: CADIP Research Symposium (2002)
Google Scholar
Raskin, V., Hempelmann, C.F., Triezenberg, K.E., Nirenburg, S.: Ontology in information security: a useful theoretical foundation and methodological tool. In: Proc. Workshop on New Security Paradigms, pp. 53–59. ACM Press, New York (2001)
Google Scholar
Noel, S.: Development of a cyber-defense ontology. Center for Secure Information Systems George Mason University, Fairfax, Virginia (2001)
Google Scholar

Download references

Author information

Authors and Affiliations

School of Electrical Engineering and Computer Science, Oregon State University, Corvallis, 97331, OR, USA
Francisco J. Martin
IIIA – Artificial Intelligence Research Institute, CSIC – Spanish Council for Scientific Research, Campus UAB, 08193, Bellaterra, Catalonia, Spain
Enric Plaza

Authors

Francisco J. Martin
View author publications
You can also search for this author in PubMed Google Scholar
Enric Plaza
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Computing Laboratory, Oxford University, Parks Road, OXI 3QD, United Kingdom
Vasile Palade
Intelligent Systems and Signal Processing Labs, Moulsecoomb, University of Brighton, BN2 4GJ, Brighton, United Kingdom
Robert J. Howlett
Knowledge-Based Intelligent Engineering Systems Centre, Mawson Lakes, University of South Australia, 5095, Adelaide, SA, Australia
Lakhmi Jain

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Martin, F.J., Plaza, E. (2003). SOID: An Ontology for Agent-Aided Intrusion Detection. In: Palade, V., Howlett, R.J., Jain, L. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2003. Lecture Notes in Computer Science(), vol 2773. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45224-9_165

Download citation

DOI: https://doi.org/10.1007/978-3-540-45224-9_165
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40803-1
Online ISBN: 978-3-540-45224-9
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics