Abstract
This paper applies ontology from knowledge engineering to the Distributed Intrusion Detection System (DIDS). By using a network security ontology, a complete conceptual view is created in the system, which provides feasible methods for detection engine cooperation and for knowledge representation in the detection engine, the most urgent problems of intrusion detection systems. An ontological model of network security is presented according to the outline of IDS, and then the concepts and attributes of the three essentials in IDS (information assets, attacker, attack) are described step by step. Detection engines inherit concepts from the classes of the ontology model and use these concepts to compose domain knowledge. Finally, the TCP serial number intercept attack is detected on the ontology-based DIDS. The result shows that the system can effectively detect the attack and that the method designed in this system is feasible.
Original language | English |
---|---|
Pages (from-to) | 105-109 |
Number of pages | 5 |
Journal | Sichuan Daxue Xuebao (Gongcheng Kexue Ban)/Journal of Sichuan University (Engineering Science Edition) |
Volume | 37 |
Issue | 3 |
Publication status | Published - May 2005 |