AI | CR | NI | Apr 3, 2013

Predicting Network Attacks Using Ontology-Driven Inference

arXiv:1304.0913v1 | 17 citations
Originality: Incremental advance
AI Analysis

This work addresses network security management by providing a more effective method for attack prediction, though it appears incremental as it builds on existing ontology and knowledge representation techniques.

The paper tackled the problem of predicting network attacks by modeling them with ontologies and using description logic reasoning, resulting in significant capability improvements over traditional models, reduced false alarms, and enhanced intrusion detection effectiveness.

Graph knowledge models and ontologies are very powerful modeling and reasoning tools. We propose an effective approach to model network attacks and attack prediction, which play important roles in security management. The goals of this study are: first, we model network attacks, their prerequisites and consequences using knowledge representation methods in order to provide description logic reasoning and inference over attack domain concepts. Second, we propose an ontology-based system which predicts potential attacks using inference and observing information which is provided by sensory inputs. We generate our ontology and evaluate corresponding methods using CAPEC, CWE, and CVE hierarchical datasets. Results from experiments show significant capability improvements compared to traditional hierarchical and relational models. The proposed method also reduces false alarms and improves intrusion detection effectiveness.
