Context infusion in semantic link networks to detect cyber-attacks: A flow-based detection approach

Ahmed Aleroud, George Karabatis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

12 Scopus citations

Abstract

Detection of cyber-attacks is a major responsibility for network managers and security specialists. Most existing Network Intrusion Detection systems rely on inspecting individual packets, an increasingly resource consuming task in today's high speed networks due to the overhead associated with accessing packet content. An alternative approach is to detect attack patterns by investigating IP flows. Since analyzing raw data extracted from IP flows lacks the semantic information needed to discover attacks, a novel approach is introduced that utilizes contextual information to semantically reveal cyber-attacks from IP flows. Time, location, and other contextual information mined from network flow data is utilized to create semantic links among alerts raised in response to suspicious flows. The semantic links are identified through an inference process on probabilistic semantic link networks (SLNs). The resulting links are used at run-time to retrieve relevant suspicious activities that represent possible steps in multi-step attacks.

Original languageEnglish (US)
Title of host publicationProceedings - 2014 IEEE International Conference on Semantic Computing, ICSC 2014
PublisherIEEE Computer Society
Pages175-182
Number of pages8
ISBN (Print)9781479940028
DOIs
StatePublished - 2014
Externally publishedYes
Event8th IEEE International Conference on Semantic Computing, ICSC 2014 - Newport Beach, CA, United States
Duration: Jun 16 2014Jun 18 2014

Publication series

NameProceedings - 2014 IEEE International Conference on Semantic Computing, ICSC 2014

Conference

Conference8th IEEE International Conference on Semantic Computing, ICSC 2014
Country/TerritoryUnited States
CityNewport Beach, CA
Period6/16/146/18/14

Keywords

  • context
  • contextual information
  • cyber-security
  • Intrusion detection
  • network flows
  • semantic link networks

ASJC Scopus subject areas

  • Software

Fingerprint

Dive into the research topics of 'Context infusion in semantic link networks to detect cyber-attacks: A flow-based detection approach'. Together they form a unique fingerprint.

Cite this