Abstract
Currently available products provide only partial support for intrusion prevention and intrusion detection, and they very much lack intrusion diagnosis features. We discuss the limitations of current Intrusion Detection System (IDS) technology and propose a novel approach, which we call Intrusion Detection & Diagnosis System (ID2S) technology, to overcome those limitations. The basic idea is to collect information at several architectural levels, using multiple security probes deployed as a distributed architecture, and to perform sophisticated correlation analysis of the resulting intrusion symptoms. This makes it possible to escalate from intrusion symptoms to the adjudged cause of the intrusion, and to assess the damage in individual system components. The process is driven by ontologies. We also present preliminary experimental results, providing evidence that our approach is effective against stealthy and non-vulnerability attacks.
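The abstract describes the ID2S idea only at the level of principle: symptoms reported by probes at different architectural levels are correlated, an ontology gives the symptoms a shared vocabulary, and co-occurring symptom classes are escalated to an adjudged cause together with a per-component damage estimate. The following is an added toy illustration of that pipeline, written for this page and not the authors' ID2S implementation. The probe names, symptom ontology, diagnosis rules, correlation window and sample events are all constructed assumptions chosen to show how cross-level correlation separates a symptom that reaches the backend from one that stops at the web tier.

```python
"""Toy symptom-correlation engine in the spirit of the ID2S idea described above.

Probes at several architectural levels report symptoms; a small ontology maps
each symptom to its level and to an abstract symptom class; correlation rules
escalate co-occurring classes (same source, same time window) to a cause and
list the components the probes reported as affected.

Added example, not the paper's code. Every name, rule and threshold here is an
assumption made for illustration.
"""
from collections import defaultdict

# Assumed symptom ontology: symptom emitted by a probe -> observation level and
# the more abstract class the diagnosis rules reason about.
SYMPTOM_ONTOLOGY = {
    "port_scan":         {"level": "network",     "class": "reconnaissance"},
    "syn_flood":         {"level": "network",     "class": "resource_exhaustion"},
    "anomalous_request": {"level": "web",         "class": "malformed_input"},
    "db_error_burst":    {"level": "application", "class": "backend_failure"},
    "slow_responses":    {"level": "application", "class": "degraded_service"},
}
UNKNOWN = {"level": "unknown", "class": "unknown"}

# Assumed diagnosis rules: a cause is adjudged when every required symptom
# class co-occurs for one source inside the correlation window. When several
# rules match, the most specific one (largest requirement set) wins.
DIAGNOSIS_RULES = [
    {"cause": "malformed input reaching the backend",
     "requires": {"malformed_input", "backend_failure"}},
    {"cause": "malformed input rejected at the web tier",
     "requires": {"malformed_input"}},
    {"cause": "reconnaissance only",
     "requires": {"reconnaissance"}},
    {"cause": "network-level denial of service",
     "requires": {"resource_exhaustion", "degraded_service"}},
]

# Constructed sample events from three hypothetical probes (net, web, app).
# Field names are assumptions; timestamps are seconds on a shared clock.
EVENTS = [
    {"t": 100, "probe": "net", "src": "198.51.100.7", "symptom": "port_scan"},
    {"t": 105, "probe": "web", "src": "198.51.100.7", "symptom": "anomalous_request", "component": "httpd"},
    {"t": 107, "probe": "app", "src": "198.51.100.7", "symptom": "db_error_burst", "component": "orders-db"},
    {"t": 300, "probe": "web", "src": "203.0.113.9", "symptom": "anomalous_request", "component": "httpd"},
    {"t": 900, "probe": "app", "src": "203.0.113.9", "symptom": "db_error_burst", "component": "orders-db"},
]


def group_by_source(events, window):
    """Sort events by time and split each source's stream into correlation windows.

    A new group starts when an event is more than `window` seconds after the
    first event of the current group for that source.
    """
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        by_src[e["src"]].append(e)
    groups = []
    for src, stream in by_src.items():
        current = []
        for e in stream:
            if current and e["t"] - current[0]["t"] > window:
                groups.append((src, current))
                current = []
            current.append(e)
        if current:
            groups.append((src, current))
    return groups


def diagnose(events, window=60):
    """Escalate each correlated symptom group to an adjudged cause.

    Returns one record per group with the levels that observed something, the
    symptom classes seen, the cause (or "undiagnosed" when no rule fits) and
    the components the probes reported as affected (the damage estimate).
    """
    results = []
    for src, group in group_by_source(events, window):
        meta = [SYMPTOM_ONTOLOGY.get(e["symptom"], UNKNOWN) for e in group]
        classes = {m["class"] for m in meta}
        levels = {m["level"] for m in meta}
        matching = [r for r in DIAGNOSIS_RULES if r["requires"] <= classes]
        cause = (max(matching, key=lambda r: len(r["requires"]))["cause"]
                 if matching else "undiagnosed")
        damaged = sorted({e["component"] for e in group if "component" in e})
        results.append({
            "src": src, "start": group[0]["t"], "levels": sorted(levels),
            "classes": sorted(classes), "cause": cause,
            "damaged_components": damaged,
        })
    return results


if __name__ == "__main__":
    for r in diagnose(EVENTS):
        print(r)
```

With the default 60-second window the first source yields one group spanning all three levels and is escalated to "malformed input reaching the backend" with both `httpd` and `orders-db` listed as affected, while the second source's two events fall into separate windows: the web-only group is diagnosed as rejected at the web tier and the application-only group stays undiagnosed, because no single-level symptom is enough for a cause. Widening the window merges them, which is the point of correlating across levels rather than alerting per probe.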
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Coppolino, L., D’Antonio, S., Elia, I.A., Romano, L. (2009). From Intrusion Detection to Intrusion Detection and Diagnosis: An Ontology-Based Approach. In: Lee, S., Narasimhan, P. (eds) Software Technologies for Embedded and Ubiquitous Systems. SEUS 2009. Lecture Notes in Computer Science, vol 5860. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10265-3_18
DOI: https://doi.org/10.1007/978-3-642-10265-3_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10264-6
Online ISBN: 978-3-642-10265-3
eBook Packages: Computer Science (R0)