
Using DAML+OIL to classify intrusive behaviours

Published online by Cambridge University Press:  13 May 2004

JEFFREY UNDERCOFFER, ANUPAM JOSHI, TIM FININ and JOHN PINKSTON
Affiliation:
Department of Computer Science and Electrical Engineering, University of Maryland Baltimore County, 1000 Hilltop Circle, Baltimore, MD-21250, USA; email: undercoffer@umbc.edu, joshi@umbc.edu, finin@umbc.edu, pinkston@umbc.edu

Abstract

We have produced an ontology specifying a model of computer attack. Our ontology is based upon an analysis of over 4000 classes of computer intrusions and their corresponding attack strategies and is categorised according to system component targeted, means of attack, consequence of attack and location of attacker. We argue that any taxonomic characteristics used to define a computer attack be limited in scope to those features that are observable and measurable at the target of the attack. We present our model as a target-centric ontology that is to be refined and expanded over time, and we state the benefits of forgoing dependence upon taxonomies in favour of ontologies for the classification of computer attacks and intrusions. We have specified our ontology using the DARPA Agent Markup Language+Ontology Inference Layer (DAML+OIL) and have prototyped it using DAMLJessKB. We illustrate the benefits of utilising an ontology in lieu of a taxonomy by presenting a use-case scenario of a distributed intrusion detection system.
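The abstract's central claim is that classifying by an ontology (named classes defined by conditions on properties, with subclass relations) beats a taxonomy (one fixed tree) when the properties are limited to what a sensor can observe at the target. The following is an added example, written for this page and not the paper's ontology, its DAML+OIL specification or its DAMLJessKB prototype. It keeps the abstract's four facets (component targeted, means, consequence, attacker location) but the vocabulary, the class names (`RemoteDoS`, `LocalPrivEsc`, and so on), the tree in `TAXONOMY` and the sample events are all assumptions constructed to illustrate the idea. The taxonomy only labels facet combinations that were enumerated in advance; the ontology classifies an event by subsumption over its observable properties, so an unforeseen combination still lands in the right class.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set, Tuple


@dataclass(frozen=True)
class Observation:
    """What a sensor can measure at the target: the four facets from the abstract.

    The values used below are constructed vocabulary for this example, not the
    paper's terms.
    """
    component: str    # system component targeted, e.g. "network_stack"
    means: str        # means of attack, e.g. "malformed_packet"
    consequence: str  # consequence observed at the target, e.g. "service_crash"
    location: str     # attacker location relative to the target: "remote"/"local"


# A taxonomy: one fixed tree, one facet per level, a label only at the leaves.
# (Assumed tree; any path not written down here is simply not classifiable.)
TAXONOMY = {
    "remote": {"network_stack": {"malformed_packet": "RemoteNetworkDoS"}},
    "local": {"kernel": {"buffer_overflow": "LocalKernelPrivEsc"}},
}


def taxonomy_classify(obs: Observation) -> Optional[str]:
    """Walk the tree; a facet combination not enumerated in advance gives None."""
    node = TAXONOMY
    for key in (obs.location, obs.component, obs.means):
        node = node.get(key)
        if node is None:
            return None
    return node


# An ontology: classes with conditions on observable properties plus subclass
# links. Conditions are inherited, so RemoteDoS is "a DenialOfService that is
# also a RemoteAttack" without restating either parent's condition.
@dataclass(frozen=True)
class AttackClass:
    name: str
    conditions: Dict[str, FrozenSet[str]]   # property -> allowed values
    parents: Tuple[str, ...] = ()


ONTOLOGY: Dict[str, AttackClass] = {c.name: c for c in [   # assumed classes
    AttackClass("Intrusion", {}),
    AttackClass("RemoteAttack", {"location": frozenset({"remote"})}, ("Intrusion",)),
    AttackClass("LocalAttack", {"location": frozenset({"local"})}, ("Intrusion",)),
    AttackClass("DenialOfService",
                {"consequence": frozenset({"service_crash", "resource_exhaustion"})},
                ("Intrusion",)),
    AttackClass("PrivilegeEscalation",
                {"consequence": frozenset({"root_shell", "admin_token"})},
                ("Intrusion",)),
    AttackClass("RemoteDoS", {}, ("DenialOfService", "RemoteAttack")),
    AttackClass("LocalPrivEsc", {}, ("PrivilegeEscalation", "LocalAttack")),
]}


def ancestors(name: str) -> Set[str]:
    """Transitive closure of the subclass links above `name`."""
    out: Set[str] = set()
    stack = list(ONTOLOGY[name].parents)
    while stack:
        parent = stack.pop()
        if parent not in out:
            out.add(parent)
            stack.extend(ONTOLOGY[parent].parents)
    return out


def effective_conditions(name: str) -> Dict[str, FrozenSet[str]]:
    """Own conditions intersected with every ancestor's (a conjunction)."""
    merged: Dict[str, FrozenSet[str]] = {}
    for cls in [name, *ancestors(name)]:
        for prop, allowed in ONTOLOGY[cls].conditions.items():
            merged[prop] = (merged[prop] & allowed) if prop in merged else allowed
    return merged


def ontology_classify(obs: Observation) -> Set[str]:
    """Every class whose inherited conditions the observation satisfies."""
    return {
        name for name in ONTOLOGY
        if all(getattr(obs, prop) in allowed
               for prop, allowed in effective_conditions(name).items())
    }


def most_specific(names: Set[str]) -> Set[str]:
    """Drop any matched class that is an ancestor of another matched class."""
    return {n for n in names if not any(n in ancestors(m) for m in names if m != n)}


# Constructed sample events, each described only by target-observable facets.
SAMPLE_EVENTS = {
    "syn_flood_crash":     Observation("network_stack", "malformed_packet", "service_crash", "remote"),
    "app_overflow_crash":  Observation("application", "buffer_overflow", "service_crash", "remote"),
    "kernel_overflow_root": Observation("kernel", "buffer_overflow", "root_shell", "local"),
}

if __name__ == "__main__":
    for label, event in SAMPLE_EVENTS.items():
        print(label, "taxonomy:", taxonomy_classify(event),
              "ontology:", sorted(most_specific(ontology_classify(event))))
```

The second event is the instructive one: an application crash caused by a buffer overflow from a remote source falls off the taxonomy tree because nobody enumerated that path, while the ontology still classifies it as `RemoteDoS` from the consequence and location alone, which is exactly the information a sensor at the target has. Adding a new class is a matter of adding one entry with its conditions and parents, not reorganising a tree.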

Type
Research Article
Copyright
© 2004 Cambridge University Press
