Semantic Situational Awareness for Intrusion Detection

January 1, 2011 - December 1, 2015

We are developing a situation-aware intrusion detection system that integrates heterogeneous sources of information to build and maintain a semantically rich knowledge base about cyber threats and vulnerabilities. Most current intrusion detection and prevention systems rely on signature-based approaches to detect attacks. When no signature is available, as for a new exploit or a significantly modified known one, such systems are much less effective. Moreover, these systems are point solutions that do not make effective use of heterogeneous data sources, which can supply important information about intrusions for which no signature pattern yet exists. The same information can also help detect low-and-slow attacks, in which small intrusions that are spatially and temporally apart combine to build a more elaborate attack.
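The following is an added illustration, not code from this project: a minimal correlator that maps events from four heterogeneous sources (a vulnerability feed, an asset inventory, a network IDS and a host authentication log) into one shared vocabulary of subject/predicate/object facts, then applies a rule over that knowledge base that combines stages days apart into a single multi-stage intrusion. The predicate names, the 30-day window, the brute-force threshold, the severity labels and all sample events are assumptions made for the example; the project's OWL ontology is not reproduced here.

```python
"""Added example, not the project's own code: a tiny knowledge-base correlator
for low-and-slow, multi-source intrusions. Vocabulary and sample data are
constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# A fact is (subject, predicate, object, time observed).
Fact = Tuple[str, str, str, datetime]


@dataclass
class Event:
    source: str            # which sensor or feed produced the event
    time: datetime
    data: Dict[str, object]


class KnowledgeBase:
    """In-memory timestamped triple store (stands in for an OWL/RDF store)."""

    def __init__(self) -> None:
        self.facts: List[Fact] = []

    def add(self, fact: Fact) -> None:
        if fact not in self.facts:
            self.facts.append(fact)

    def query(self, s: Optional[str] = None, p: Optional[str] = None,
              o: Optional[str] = None) -> List[Fact]:
        return [f for f in self.facts
                if (s is None or f[0] == s)
                and (p is None or f[1] == p)
                and (o is None or f[2] == o)]


def map_event(ev: Event) -> List[Fact]:
    """Translate a source-specific event into shared-vocabulary facts (assumed mapping)."""
    d = ev.data
    if ev.source == "vulnfeed":
        return [(str(d["product"]), "hasVulnerabilityEffect", str(d["effect"]), ev.time)]
    if ev.source == "inventory":
        return [(str(d["host"]), "runs", str(d["product"]), ev.time)]
    if ev.source == "nids" and d.get("signature") == "PortScan":
        return [(str(d["src"]), "reconOn", str(d["dst"]), ev.time)]
    if ev.source == "authlog":
        if d["result"] == "fail" and int(d["failures"]) >= 20:   # threshold is an assumption
            return [(str(d["src"]), "bruteForced", str(d["host"]), ev.time)]
        if d["result"] == "success":
            return [(str(d["src"]), "loggedInto", str(d["host"]), ev.time)]
    return []   # events the vocabulary does not cover stay out of the KB


def build_kb(events: List[Event]) -> KnowledgeBase:
    kb = KnowledgeBase()
    for ev in events:
        for fact in map_event(ev):
            kb.add(fact)
    return kb


def infer_multistage(kb: KnowledgeBase,
                     window: timedelta = timedelta(days=30)) -> List[Dict[str, object]]:
    """Rule: reconOn -> bruteForced -> loggedInto by one source against one host,
    in that order and inside `window`, is a single intrusion. If the host runs a
    product the vulnerability feed marks RemoteCodeExecution, severity is raised."""
    findings: List[Dict[str, object]] = []
    for src, _, host, t_recon in kb.query(p="reconOn"):
        for _, _, _, t_brute in kb.query(s=src, p="bruteForced", o=host):
            for _, _, _, t_login in kb.query(s=src, p="loggedInto", o=host):
                if not (t_recon < t_brute < t_login <= t_recon + window):
                    continue
                vulnerable = any(
                    kb.query(s=product, p="hasVulnerabilityEffect", o="RemoteCodeExecution")
                    for _, _, product, _ in kb.query(s=host, p="runs"))
                findings.append({"src": src, "host": host,
                                 "severity": "critical" if vulnerable else "high",
                                 "span_days": (t_login - t_recon).days})
    return findings


# Constructed sample input: four sources, stages spread over nine days. No single
# event here would trip a per-sensor threshold on its own.
SAMPLE_EVENTS = [
    Event("vulnfeed", datetime(2012, 6, 1), {"product": "ssh-server", "effect": "RemoteCodeExecution"}),
    Event("inventory", datetime(2012, 6, 1), {"host": "192.0.2.10", "product": "ssh-server"}),
    Event("nids", datetime(2012, 6, 3, 2, 10), {"signature": "PortScan", "src": "198.51.100.5", "dst": "192.0.2.10"}),
    Event("authlog", datetime(2012, 6, 9, 23, 50), {"host": "192.0.2.10", "src": "198.51.100.5", "result": "fail", "failures": 40}),
    Event("authlog", datetime(2012, 6, 12, 0, 5), {"host": "192.0.2.10", "src": "198.51.100.5", "result": "success"}),
    # A scanned host that never sees the later stages: must not produce a finding.
    Event("nids", datetime(2012, 6, 3, 2, 11), {"signature": "PortScan", "src": "198.51.100.5", "dst": "192.0.2.11"}),
]

if __name__ == "__main__":
    for finding in infer_multistage(build_kb(SAMPLE_EVENTS)):
        print(finding)
```

The point of the mapping step is that each source keeps its own schema while the rule is written once against the shared predicates; adding a fifth source means adding a mapping, not a new rule. Shrinking the window to a few days makes the same events fall apart into unrelated low-severity facts, which is exactly the blind spot of a per-event signature check.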

cybersecurity, ids, intrusion detection, OWL

Students

  1. M. Lisa Mathews

Alumni

  1. Sumit More

Principal Investigator

  1. Tim Finin
  2. Anupam Joshi

Publications

2012

  1. M. L. Mathews, P. Halvorsen, A. Joshi, and T. Finin, "A Collaborative Approach to Situational Awareness for CyberSecurity", InProceedings, 8th IEEE Int. Conf. on Collaborative Computing: Networking, Applications and Worksharing, October 2012, 1955 downloads.
  2. S. More, M. L. Mathews, A. Joshi, and T. Finin, "A Semantic Approach to Situational Awareness for Intrusion Detection", InProceedings, Proceedings of the National Symposium on Moving Target Research, June 2012, 3319 downloads.
  3. S. More, M. L. Mathews, A. Joshi, and T. Finin, "A Knowledge-Based Approach To Intrusion Detection Modeling", InProceedings, Proceedings of the IEEE Workshop on Semantic Computing and Security, May 2012, 2227 downloads.

2011

  1. V. Mulwad, W. Li, A. Joshi, T. Finin, and K. Viswanathan, "Extracting Information about Security Vulnerabilities from Web Text", InProceedings, Proceedings of the Web Intelligence for Information Security Workshop, August 2011, 3144 downloads.

2004

  1. "Intrusion Detection: Modeling System State to Detect and Classify Aberrant Behavior", PhdThesis, University of Maryland, Baltimore County, February 2004, 7340 downloads.
  2. A. Joshi, T. Finin, and J. Pinkston, "Using DAML+OIL to classify intrusive behaviours", Article, Knowledge Engineering Review, January 2004, 1369 downloads, 3 citations.

2003

  1. A. Joshi, "Data Mining, Semantics and Intrusion Detection: What to dig for and Where to find it", InBook, Next Generation Data Mining, December 2003, 2 citations.
  2. A. Joshi and J. Pinkston, "Modeling Computer Attacks: An Ontology for Intrusion Detection", InProceedings, The Sixth International Symposium on Recent Advances in Intrusion Detection, September 2003, 4706 downloads, 19 citations.
  3. J. Pinkston, A. Joshi, and T. Finin, "A Target-Centric Ontology for Intrusion Detection", InProceedings, Workshop on Ontologies in Distributed Systems, held at The 18th International Joint Conference on Artificial Intelligence, July 2003, 1623 downloads, 50 citations.