Context and semantics for detection of cyber attacks

Ahmed Aleroud, George Karabatis, Prayank Sharma, Peng He

Research output: Contribution to journal › Article › peer-review

13 Scopus citations

Abstract

This paper presents a novel layered cyber-attack detection approach utilising: 1) semantic relationships between attacks to infer possible related suspicious network activities from connections between hosts; 2) contextual information expressed as attack context profiles on top of semantic relationships. The combined use of context and semantics in intrusion detection results in predicting attacks with higher accuracy while decreasing the number of false positives at the same time. A prototype system has been implemented and experiments have been conducted on it. The results exhibit higher or competitive detection rates compared with other existing approaches.

Original language: English (US)
Pages (from-to): 63-92
Number of pages: 30
Journal: International Journal of Information and Computer Security
Volume: 6
Issue number: 1
State: Published - 2014
Externally published: Yes

Keywords

  • Computer security
  • Context awareness
  • Cyber security
  • Cyber-attack detection
  • Information systems security
  • Intrusion detection
  • Semantic networks

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture
  • Computer Networks and Communications
