@inproceedings{c4e50cdfb7e04a92a2b3fb147f2fa587,
title = "Context infusion in semantic link networks to detect cyber-attacks: A flow-based detection approach",
abstract = "Detection of cyber-attacks is a major responsibility for network managers and security specialists. Most existing Network Intrusion Detection systems rely on inspecting individual packets, an increasingly resource consuming task in today's high speed networks due to the overhead associated with accessing packet content. An alternative approach is to detect attack patterns by investigating IP flows. Since analyzing raw data extracted from IP flows lacks the semantic information needed to discover attacks, a novel approach is introduced that utilizes contextual information to semantically reveal cyber-attacks from IP flows. Time, location, and other contextual information mined from network flow data is utilized to create semantic links among alerts raised in response to suspicious flows. The semantic links are identified through an inference process on probabilistic semantic link networks (SLNs). The resulting links are used at run-time to retrieve relevant suspicious activities that represent possible steps in multi-step attacks.",
keywords = "Intrusion detection, context, contextual information, cyber-security, network flows, semantic link networks",
author = "Ahmed Aleroud and George Karabatis",
year = "2014",
doi = "10.1109/ICSC.2014.29",
language = "English (US)",
isbn = "9781479940028",
series = "Proceedings - 2014 IEEE International Conference on Semantic Computing, ICSC 2014",
publisher = "IEEE Computer Society",
pages = "175--182",
booktitle = "Proceedings - 2014 IEEE International Conference on Semantic Computing, ICSC 2014",
note = "8th IEEE International Conference on Semantic Computing, ICSC 2014 ; Conference date: 16-06-2014 Through 18-06-2014",
}