Abstract

Automated intrusion response is an important problem in network security. Several Automated Intrusion Response Systems (AIRS) have been proposed to take over that task, but current proposals are limited in their adaptability to different intrusion sources, because they do not take into account the semantics of intrusion alerts coming from different Intrusion Detection Systems, each with its own format and syntax. To solve this problem, this paper proposes an architecture for an AIRS based on ontologies, formal behavior specification languages and reasoning mechanisms, which automatically infers and executes the optimum response action when different network security-event detection sources detect intrusions. This paper describes the system architecture as well as the inference process that produces the recommended and optimum responses.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lanchas, V.M., González, V.A.V., Bueno, F.R. (2010). Ontologies-Based Automated Intrusion Response System. In: Herrero, Á., Corchado, E., Redondo, C., Alonso, Á. (eds) Computational Intelligence in Security for Information Systems 2010. Advances in Intelligent and Soft Computing, vol 85. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16626-6_11

  • DOI: https://doi.org/10.1007/978-3-642-16626-6_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16625-9

  • Online ISBN: 978-3-642-16626-6

  • eBook Packages: Engineering (R0)