Methods and techniques to identify security incidents using domain knowledge and contextual information

Ahmed AlEroud, George Karabatis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations

Abstract

a recent trend in intrusion detection is toward utilizing knowledge-based IDSs. Knowledge-based IDSs store knowledge about cyber-attacks and possible vulnerabilities and use this knowledge to guide the process of attack prediction. One significant limitation of knowledge-based IDSs is the lack of contextual information and domain knowledge used to detect attacks. Contextual information is not only the configuration on the targeted systems and their vulnerabilities. It also covers semantic relationships between malicious activities. In addition, domain knowledge extracted from taxonomies about those activities is a significant contextual factor in attack identification. To overcome these limitations, this work introduces a novel contextual framework which consists of several attack prediction models that are utilized in conjunction with IDSs to detect cyber-attacks.

Original languageEnglish (US)
Title of host publicationProceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management
EditorsProsper Chemouil, Paulo Simoes, Edmundo Madeira, Stefano Secci, Edmundo Monteiro, Luciano Paschoal Gaspary, Carlos Raniery P. dos Santos, Marinos Charalambides
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1040-1045
Number of pages6
ISBN (Electronic)9783901882890
DOIs
StatePublished - Jul 20 2017
Externally publishedYes
Event15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017 - Lisbon, Portugal
Duration: May 8 2017May 12 2017

Publication series

NameProceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management

Conference

Conference15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017
Country/TerritoryPortugal
CityLisbon
Period5/8/175/12/17

Keywords

  • Context
  • Cyber Security
  • Data mining
  • Domain knowledge
  • Intrusion detection

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Methods and techniques to identify security incidents using domain knowledge and contextual information'. Together they form a unique fingerprint.

Cite this