On Web, Semantics, and Data Mining: Intrusion Detection as a Case Study

Thumbnail Image

Files

502.pdf (93.77 KB)

Links to Files

https://ebiquity.umbc.edu/paper/html/id/68/On-Web-Semantics-and-Data-Mining-Intrusion-Detection-as-a-Case-Study

Permanent Link

http://hdl.handle.net/11603/12306

Collections

UMBC Computer Science and Electrical Engineering Department
UMBC Faculty Collection

Author/Creator

Author/Creator ORCID

Date

2003-05-01

Type of Work

conference papers and proceedings
Text

Department

Program

Citation of Original Publication

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Public Domain Mark 1.0
This is a work of the United States Government. In accordance with 17 U.S.C. 105, no copyright protection is available for such works under U.S. Law.

Subjects

intrusion detection
security
semantic web
UMBC Ebiquity Research Group

Abstract

We examine the intersection of data mining and semantic web in this paper. We briefly identify some points where they can impact one another, and then develop a specific example of intrusion detection, an application of distributed data mining. We have produced an ontology specifying a model of computer attacks. Our model is based upon an analysis of over 4,000 classes of computer attacks and their corresponding attack strategies using data derived from CERT/CC advisories and NIST’s ICAT meta-base. We present our attack model first as a taxonomy and convert it to a target-centric ontology that will be refined and expanded over time. We state the benefits of forgoing dependence upon taxonomies for the classification of computer attacks and intrusions, in favor of ontologies. We illustrate the benefits of utilizing an ontology by comparing a use case scenario of our ontology and the IETF’s Intrusion Detection Exchange Message Format Data Model.