
Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 172))

Abstract

In this paper, we present a layered cyber-attack detection system with semantic and context capabilities. The approach has been implemented in a prototype system that uses semantic information about related attacks to infer all possible suspicious network activities from connections between hosts. The candidate attacks generated by the semantic techniques are forwarded to context filters, which use attack context profiles and host contexts to filter out irrelevant attacks. The prototype system is evaluated on the KDD 1999 intrusion detection dataset, where the experimental results show precision and recall values competitive with previous approaches.



Corresponding author: Ahmed AlEroud.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

AlEroud, A., Karabatis, G. (2013). A System for Cyber Attack Detection Using Contextual Semantics. In: Uden, L., Herrera, F., Bajo Pérez, J., Corchado Rodríguez, J. (eds) 7th International Conference on Knowledge Management in Organizations: Service and Cloud Computing. Advances in Intelligent Systems and Computing, vol 172. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30867-3_39

  • DOI: https://doi.org/10.1007/978-3-642-30867-3_39

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30866-6

  • Online ISBN: 978-3-642-30867-3
