Methods and techniques to identify security incidents using domain knowledge and contextual information

Ahmed AlEroud; George Karabatis

doi:10.23919/INM.2017.7987435

Methods and techniques to identify security incidents using domain knowledge and contextual information

Ahmed AlEroud, George Karabatis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Scopus citations

Abstract

a recent trend in intrusion detection is toward utilizing knowledge-based IDSs. Knowledge-based IDSs store knowledge about cyber-attacks and possible vulnerabilities and use this knowledge to guide the process of attack prediction. One significant limitation of knowledge-based IDSs is the lack of contextual information and domain knowledge used to detect attacks. Contextual information is not only the configuration on the targeted systems and their vulnerabilities. It also covers semantic relationships between malicious activities. In addition, domain knowledge extracted from taxonomies about those activities is a significant contextual factor in attack identification. To overcome these limitations, this work introduces a novel contextual framework which consists of several attack prediction models that are utilized in conjunction with IDSs to detect cyber-attacks.

Original language	English (US)
Title of host publication	Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management
Editors	Prosper Chemouil, Paulo Simoes, Edmundo Madeira, Stefano Secci, Edmundo Monteiro, Luciano Paschoal Gaspary, Carlos Raniery P. dos Santos, Marinos Charalambides
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1040-1045
Number of pages	6
ISBN (Electronic)	9783901882890
DOIs	https://doi.org/10.23919/INM.2017.7987435
State	Published - Jul 20 2017
Externally published	Yes
Event	15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017 - Lisbon, Portugal Duration: May 8 2017 → May 12 2017

Publication series

Name	Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management

Conference

Conference	15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017
Country/Territory	Portugal
City	Lisbon
Period	5/8/17 → 5/12/17

Keywords

Context
Cyber Security
Data mining
Domain knowledge
Intrusion detection

ASJC Scopus subject areas

Computer Networks and Communications
Hardware and Architecture
Information Systems and Management

Access to Document

10.23919/INM.2017.7987435

Cite this

AlEroud, A., & Karabatis, G. (2017). Methods and techniques to identify security incidents using domain knowledge and contextual information. In P. Chemouil, P. Simoes, E. Madeira, S. Secci, E. Monteiro, L. P. Gaspary, C. R. P. dos Santos, & M. Charalambides (Eds.), Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management (pp. 1040-1045). [7987435] (Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.23919/INM.2017.7987435

Methods and techniques to identify security incidents using domain knowledge and contextual information. / AlEroud, Ahmed; Karabatis, George.
Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management. ed. / Prosper Chemouil; Paulo Simoes; Edmundo Madeira; Stefano Secci; Edmundo Monteiro; Luciano Paschoal Gaspary; Carlos Raniery P. dos Santos; Marinos Charalambides. Institute of Electrical and Electronics Engineers Inc., 2017. p. 1040-1045 7987435 (Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

AlEroud, A & Karabatis, G 2017, Methods and techniques to identify security incidents using domain knowledge and contextual information. in P Chemouil, P Simoes, E Madeira, S Secci, E Monteiro, LP Gaspary, CRP dos Santos & M Charalambides (eds), Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management., 7987435, Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management, Institute of Electrical and Electronics Engineers Inc., pp. 1040-1045, 15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017, Lisbon, Portugal, 5/8/17. https://doi.org/10.23919/INM.2017.7987435

AlEroud A, Karabatis G. Methods and techniques to identify security incidents using domain knowledge and contextual information. In Chemouil P, Simoes P, Madeira E, Secci S, Monteiro E, Gaspary LP, dos Santos CRP, Charalambides M, editors, Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management. Institute of Electrical and Electronics Engineers Inc. 2017. p. 1040-1045. 7987435. (Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management). doi: 10.23919/INM.2017.7987435

AlEroud, Ahmed ; Karabatis, George. / Methods and techniques to identify security incidents using domain knowledge and contextual information. Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management. editor / Prosper Chemouil ; Paulo Simoes ; Edmundo Madeira ; Stefano Secci ; Edmundo Monteiro ; Luciano Paschoal Gaspary ; Carlos Raniery P. dos Santos ; Marinos Charalambides. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 1040-1045 (Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management).

@inproceedings{63fcb6d43edf4a5299fd01fe872de168,

title = "Methods and techniques to identify security incidents using domain knowledge and contextual information",

abstract = "a recent trend in intrusion detection is toward utilizing knowledge-based IDSs. Knowledge-based IDSs store knowledge about cyber-attacks and possible vulnerabilities and use this knowledge to guide the process of attack prediction. One significant limitation of knowledge-based IDSs is the lack of contextual information and domain knowledge used to detect attacks. Contextual information is not only the configuration on the targeted systems and their vulnerabilities. It also covers semantic relationships between malicious activities. In addition, domain knowledge extracted from taxonomies about those activities is a significant contextual factor in attack identification. To overcome these limitations, this work introduces a novel contextual framework which consists of several attack prediction models that are utilized in conjunction with IDSs to detect cyber-attacks.",

keywords = "Context, Cyber Security, Data mining, Domain knowledge, Intrusion detection",

author = "Ahmed AlEroud and George Karabatis",

note = "Funding Information: This line of research has been supported by grants from the State of Maryland-TEDCO (MII), and Northrop Grumman Corporation, USA. The authors would like also to thank the PREDICT team for providing experimental data. Publisher Copyright: {\textcopyright} 2017 IFIP.; 15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017 ; Conference date: 08-05-2017 Through 12-05-2017",

year = "2017",

month = jul,

day = "20",

doi = "10.23919/INM.2017.7987435",

language = "English (US)",

series = "Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1040--1045",

editor = "Prosper Chemouil and Paulo Simoes and Edmundo Madeira and Stefano Secci and Edmundo Monteiro and Gaspary, {Luciano Paschoal} and {dos Santos}, {Carlos Raniery P.} and Marinos Charalambides",

booktitle = "Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management",

}

TY - GEN

T1 - Methods and techniques to identify security incidents using domain knowledge and contextual information

AU - AlEroud, Ahmed

AU - Karabatis, George

N1 - Funding Information: This line of research has been supported by grants from the State of Maryland-TEDCO (MII), and Northrop Grumman Corporation, USA. The authors would like also to thank the PREDICT team for providing experimental data. Publisher Copyright: © 2017 IFIP.

PY - 2017/7/20

Y1 - 2017/7/20

N2 - a recent trend in intrusion detection is toward utilizing knowledge-based IDSs. Knowledge-based IDSs store knowledge about cyber-attacks and possible vulnerabilities and use this knowledge to guide the process of attack prediction. One significant limitation of knowledge-based IDSs is the lack of contextual information and domain knowledge used to detect attacks. Contextual information is not only the configuration on the targeted systems and their vulnerabilities. It also covers semantic relationships between malicious activities. In addition, domain knowledge extracted from taxonomies about those activities is a significant contextual factor in attack identification. To overcome these limitations, this work introduces a novel contextual framework which consists of several attack prediction models that are utilized in conjunction with IDSs to detect cyber-attacks.

AB - a recent trend in intrusion detection is toward utilizing knowledge-based IDSs. Knowledge-based IDSs store knowledge about cyber-attacks and possible vulnerabilities and use this knowledge to guide the process of attack prediction. One significant limitation of knowledge-based IDSs is the lack of contextual information and domain knowledge used to detect attacks. Contextual information is not only the configuration on the targeted systems and their vulnerabilities. It also covers semantic relationships between malicious activities. In addition, domain knowledge extracted from taxonomies about those activities is a significant contextual factor in attack identification. To overcome these limitations, this work introduces a novel contextual framework which consists of several attack prediction models that are utilized in conjunction with IDSs to detect cyber-attacks.

KW - Context

KW - Cyber Security

KW - Data mining

KW - Domain knowledge

KW - Intrusion detection

UR - http://www.scopus.com/inward/record.url?scp=85029450613&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85029450613&partnerID=8YFLogxK

U2 - 10.23919/INM.2017.7987435

DO - 10.23919/INM.2017.7987435

M3 - Conference contribution

AN - SCOPUS:85029450613

T3 - Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management

SP - 1040

EP - 1045

BT - Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management

A2 - Chemouil, Prosper

A2 - Simoes, Paulo

A2 - Madeira, Edmundo

A2 - Secci, Stefano

A2 - Monteiro, Edmundo

A2 - Gaspary, Luciano Paschoal

A2 - dos Santos, Carlos Raniery P.

A2 - Charalambides, Marinos

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017

Y2 - 8 May 2017 through 12 May 2017

ER -

Methods and techniques to identify security incidents using domain knowledge and contextual information

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this