Application of ontology in network intrusion detection system

Xiao Chuan Jing; Chang Zhen Hu; Hui Min Tan

Application of ontology in network intrusion detection system

Xiao Chuan Jing^*, Chang Zhen Hu, Hui Min Tan

^*Corresponding author for this work

School of Cyberspace Science and Technology

Beijing Institute of Technology

Research output: Contribution to journal › Article › peer-review

Abstract

This paper applies Ontology of knowledge engineering into the Distributed Intrusion Detection System. By using Ontology of network security, a whole conceptual view has been created in the system, provides some feasible methods to the detection engine cooperation and knowledge representation for the detection engine, which are the most urgent problems of intrusion detection system. An ontological model of net security is presented according to the outline of IDS, then the conception and attributes of three essentials in IDS (information assets, attacker, attack) are described step by step. Detection engine inherit the concepts from class of Ontology model and use these concepts to compose domain knowledge. Finally, on the Ontology DIDS system, the attack of TCP serial number intercept has been detected. It shows that the system can effectively detect the attack and explains the method designed in this system is feasible.

Original language	English
Pages (from-to)	105-109
Number of pages	5
Journal	Sichuan Daxue Xuebao (Gongcheng Kexue Ban)/Journal of Sichuan University (Engineering Science Edition)
Volume	37
Issue number	3
Publication status	Published - May 2005

Keywords

Cooperation
Intrusion detection
Ontology

Cite this

@article{422ec309a6984871b03c8e120c95b940,

title = "Application of ontology in network intrusion detection system",

abstract = "This paper applies Ontology of knowledge engineering into the Distributed Intrusion Detection System. By using Ontology of network security, a whole conceptual view has been created in the system, provides some feasible methods to the detection engine cooperation and knowledge representation for the detection engine, which are the most urgent problems of intrusion detection system. An ontological model of net security is presented according to the outline of IDS, then the conception and attributes of three essentials in IDS (information assets, attacker, attack) are described step by step. Detection engine inherit the concepts from class of Ontology model and use these concepts to compose domain knowledge. Finally, on the Ontology DIDS system, the attack of TCP serial number intercept has been detected. It shows that the system can effectively detect the attack and explains the method designed in this system is feasible.",

keywords = "Cooperation, Intrusion detection, Ontology",

author = "Jing, {Xiao Chuan} and Hu, {Chang Zhen} and Tan, {Hui Min}",

year = "2005",

month = may,

language = "English",

volume = "37",

pages = "105--109",

journal = "Sichuan Daxue Xuebao (Gongcheng Kexue Ban)/Journal of Sichuan University (Engineering Science Edition)",

issn = "1009-3087",

publisher = "Editorial Department of Journal of Sichuan University",

number = "3",

}

TY - JOUR

T1 - Application of ontology in network intrusion detection system

AU - Jing, Xiao Chuan

AU - Hu, Chang Zhen

AU - Tan, Hui Min

PY - 2005/5

Y1 - 2005/5

N2 - This paper applies Ontology of knowledge engineering into the Distributed Intrusion Detection System. By using Ontology of network security, a whole conceptual view has been created in the system, provides some feasible methods to the detection engine cooperation and knowledge representation for the detection engine, which are the most urgent problems of intrusion detection system. An ontological model of net security is presented according to the outline of IDS, then the conception and attributes of three essentials in IDS (information assets, attacker, attack) are described step by step. Detection engine inherit the concepts from class of Ontology model and use these concepts to compose domain knowledge. Finally, on the Ontology DIDS system, the attack of TCP serial number intercept has been detected. It shows that the system can effectively detect the attack and explains the method designed in this system is feasible.

AB - This paper applies Ontology of knowledge engineering into the Distributed Intrusion Detection System. By using Ontology of network security, a whole conceptual view has been created in the system, provides some feasible methods to the detection engine cooperation and knowledge representation for the detection engine, which are the most urgent problems of intrusion detection system. An ontological model of net security is presented according to the outline of IDS, then the conception and attributes of three essentials in IDS (information assets, attacker, attack) are described step by step. Detection engine inherit the concepts from class of Ontology model and use these concepts to compose domain knowledge. Finally, on the Ontology DIDS system, the attack of TCP serial number intercept has been detected. It shows that the system can effectively detect the attack and explains the method designed in this system is feasible.

KW - Cooperation

KW - Intrusion detection

KW - Ontology

UR - http://www.scopus.com/inward/record.url?scp=20544440412&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:20544440412

SN - 1009-3087

VL - 37

SP - 105

EP - 109

JO - Sichuan Daxue Xuebao (Gongcheng Kexue Ban)/Journal of Sichuan University (Engineering Science Edition)

JF - Sichuan Daxue Xuebao (Gongcheng Kexue Ban)/Journal of Sichuan University (Engineering Science Edition)

IS - 3

ER -

Application of ontology in network intrusion detection system

Abstract

Keywords

Other files and links

Fingerprint

Cite this