Abstract
New intelligent techniques are now being used to improve intrusion detection in distributed environments. This paper presents an approach for defining an ontology model that represents intrusion detection and prevention events, together with a hybrid intelligent system based on clustering and Artificial Neural Networks for classification and pattern recognition. We specify attack signatures, reaction rules, assertions and axioms using the Web Ontology Language with Description Logic (OWL-DL), with event communication and correlation integrated into a Multi-Agent System, incorporating supervised and unsupervised models and providing intelligent reasoning.
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Isaza, G., Castillo, A., López, M., Castillo, L. (2009). Towards Ontology-Based Intelligent Model for Intrusion Detection and Prevention. In: Herrero, Á., Gastaldo, P., Zunino, R., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Advances in Intelligent and Soft Computing, vol 63. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04091-7_14
DOI: https://doi.org/10.1007/978-3-642-04091-7_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04090-0
Online ISBN: 978-3-642-04091-7
eBook Packages: Engineering (R0)