Situation Aware Intrusion Detection Model
This item is restricted to only allow viewing of the metadata.
Title
Situation Aware Intrusion Detection Model
Author
More, Sumit Surendra
Advisors
Joshi, Anupam
Program
Computer Science
UMBC Department
Computer Science and Electrical Engineering
Document Type
thesis
Sponsors
University of Maryland, Baltimore County (UMBC)
Keywords
Information Extraction; Intrusion Detection; Ontology; Semantic Web
Date Issued
2012-01-01
Abstract
Today, information technology and cyber-services have become the foundation pillars of every business and manufacturing industry. The importance of cyber-services and their extensive use by every section of the society has paved the way for cyber-crimes like espionage, politically motivated attacks, credit card frauds, unauthorized infrastructure access, denial-of-service attacks, and stealing of valuable data. Intrusion Detection Systems (IDS) are applications which monitor cyber-systems to identify any malicious activities, generate an alert when such an activity is detected, and redress the problem if possible. Most of the intrusion detection/prevention systems available today are based on rule-based or signature based activity monitoring which detect threats and vulnerabilities by cross-referencing the threat or vulnerability signatures in their databases. These Intrusion Detection Systems (IDS) face limitations in detecting newly published attacks or variants of existing attacks. They are also point solutions that focus on a single system/component. We argue that integrating information coming from multiple data channels can lead to a better threat detection model. Data source of web including blogs, chat-rooms, forums etc. can be a good source of information for upcoming attacks or attacks whose signatures have not yet been tracked for the intrusion detection systems to catch. Semantic integration of the data sources from web, information from IDS/IPS modules at the network and host level, and the expert knowledge can be used to create a 'Situation Aware Intrusion Detection Model' which can lead to better intrusion detection and prevention results.
In this work, we present such a system which makes use of semantic web technologies to find relationships between the information gathered from the web, sensor data coming from IDS/IPS modules and network activity monitors, and reasons over this data and expert provided rules in order to detect possibility of a cyber attack.
Identifier
10667
Format
application:pdf
Language
en
Collection
UMBC Thesis and Dissertations.
Rights Statement
This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://library.umbc.edu/speccoll/rightsreproductions.php or contact Special Collections at speccoll@umbc.edu.
Source
More_umbc_0434M_10667.pdf
Access Rights
Access limited to the UMBC community. Item may possibly be obtained via Interlibrary Loan through a local library, pending author/copyright holder's permission.