S-MAIDS: A Semantic Model for Automated Tuning, Correlation, and Response Selection in Intrusion Detection Systems

Authors: Chris Strasburg, Samik Basu, Johnny S. Wong

DOI: 10.1109/COMPSAC.2013.57

Keywords:

Abstract: As cyber threats increasingly utilize automated and adaptive attacks to bypass or overwhelm static defenses, the role of intrusion detection response systems (IDRS) as an active defense layer is becoming more critical. To remain effective against current threats, an IDRS must be capable of automating tuning, correlation, and response selection in its specific environment. Different operating characteristics, capabilities, and actions all contribute to making each environment unique, complicating this automation. In this work we consider automation in three areas: detector tuning, correlation, and response selection. We motivate and present a novel, finely-grained model of threats, detectors, and responses called S-MAIDS: A Semantic Model for Automated Intrusion Detection Systems. Based on the concept of a "signal" (an observable indicator of an attack), we show the utility of combining such a model with existing performance measures to facilitate cross-system comparison. We support our claims through several case studies demonstrating the application of the model, and provide an OWL ontology.

References (15)
David Dagon, Prahlad Fogla, Boris Skoric, Guofei Gu, Wenke Lee. An Information-Theoretic Measure of Intrusion Detection Capability. Georgia Institute of Technology, 2005.
Deborah L. McGuinness, Frank van Harmelen. OWL Web Ontology Language Overview. W3C Recommendation, 2004.
D. L. McGuinness, R. Fikes, J. Hendler, L. A. Stein. DAML+OIL: An Ontology Language for the Semantic Web. IEEE Intelligent Systems, vol. 17, pp. 72-80, 2002. DOI: 10.1109/MIS.2002.1039835
Bingrui Foo, Yu-Sung Wu, Yu-Chun Mao, S. Bagchi, E. Spafford. ADEPTS: Adaptive Intrusion Response Using Attack Graphs in an E-Commerce Environment. Dependable Systems and Networks (DSN), pp. 508-517, 2005. DOI: 10.1109/DSN.2005.17
A. A. Cardenas, J. S. Baras, K. Seamon. A Framework for the Evaluation of Intrusion Detection Systems. IEEE Symposium on Security and Privacy, pp. 63-77, 2006. DOI: 10.1109/SP.2006.2
Anya Kim, Jim Luo, Myong Kang. Security Ontology for Annotating Resources. Lecture Notes in Computer Science, pp. 1483-1499, 2005. DOI: 10.1007/11575801_34
Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, Boris Skoric. Towards an Information-Theoretic Framework for Analyzing Intrusion Detection Systems. Computer Security – ESORICS 2006, pp. 527-546, 2006. DOI: 10.1007/11863908_32
Benjamin Morin, Ludovic Mé, Hervé Debar, Mireille Ducassé. A Logic-Based Model to Support Alert Correlation in Intrusion Detection. Information Fusion, vol. 10, pp. 285-299, 2009. DOI: 10.1016/j.inffus.2009.01.005
Gustavo Gonzalez Granadillo, Yosra Ben Mustapha, Nabil Hachem, Hervé Debar. An Ontology-Driven Approach to Model SIEM Information and Operations Using the SWRL Formalism. International Journal of Electronic Security and Digital Forensics, vol. 4, pp. 104-123, 2012. DOI: 10.1504/IJESDF.2012.048412