Modeling computer attacks: An ontology for intrusion detection

115 citations; 132 Mendeley readers.

Abstract

We state the benefits of transitioning from taxonomies to ontologies and ontology specification languages, which are able to serve simultaneously as recognition, reporting and correlation languages. We have produced an ontology specifying a model of computer attack using the DARPA Agent Markup Language+Ontology Inference Layer (DAML+OIL), a description logic language. The ontology's logic is implemented using DAMLJessKB. We compare and contrast the IETF's IDMEF, an emerging standard that uses XML to define its data model, with a data model constructed using DAML+OIL. In our research we focus on low-level kernel attributes at the process, system and network levels to serve as the taxonomic characteristics. We illustrate the benefits of utilizing an ontology by presenting use case scenarios within a distributed intrusion detection system. © Springer-Verlag Berlin Heidelberg 2003.

Citation (APA)

Undercoffer, J., Joshi, A., & Pinkston, J. (2003). Modeling computer attacks: An ontology for intrusion detection. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2820, 113–135. https://doi.org/10.1007/978-3-540-45248-5_7
