Abstract
This paper presents a novel layered cyber-attack detection approach utilising: 1) semantic relationships between attacks to infer possible related suspicious network activities from connections between hosts; 2) contextual information expressed as attack context profiles on top of semantic relationships. The combined use of context and semantics in intrusion detection results in predicting attacks with higher accuracy while decreasing the number of false positives at the same time. A prototype system has been implemented and experiments have been conducted on it. The results exhibit higher or competitive detection rates compared with other existing approaches.
Original language | English (US) |
---|---|
Pages (from-to) | 63-92 |
Number of pages | 30 |
Journal | International Journal of Information and Computer Security |
Volume | 6 |
Issue number | 1 |
State | Published - 2014 |
Externally published | Yes |
Keywords
- Computer security
- Context awareness
- Cyber security
- Cyber-attack detection
- Information systems security
- Intrusion detection
- Semantic networks
ASJC Scopus subject areas
- Software
- Safety, Risk, Reliability and Quality
- Hardware and Architecture
- Computer Networks and Communications