PROPOSAL FOR A DYNAMIC GROUPING CLASSIFICATION BASED ON ALERTS FROM A SNORT IDS
Abstract
Computer networks are incorporating more and more resources, and administrators need to examine thousands of alerts generated by an IDS. This creates a need for tools that can classify and group alerts dynamically, supporting administrators in identifying future attacks. In response to these needs, this work proposes the creation of a dynamic classification model that can represent the network-security knowledge of intrusion detection systems. The objective of the work is therefore to analyze the data structure of the alerts and to model the IDS knowledge as a classification model, using the Protégé tool for dynamic mapping between MySQL and SPARQL.
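As an added illustration (not code from the paper), the following Python parses Snort fast-format alert lines of the kind the abstract refers to, groups them dynamically by classification and rule, and emits RDF triples that a SPARQL endpoint or Protégé could load. The `ids:` vocabulary, the example.org base URI and the sample alerts are constructed assumptions; the paper's MySQL-to-SPARQL mapping itself is not reproduced here.

```python
import re
from collections import defaultdict

# Snort "fast" alert line: timestamp, [gid:sid:rev], message, optional
# classification, priority, protocol, src[:port] -> dst[:port] (IPv4 assumed).
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[^\s:]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[^\s:]+)(?::(?P<dport>\d+))?$"
)

# Constructed sample alerts (local sid range 1000000+), not real IDS output.
SAMPLE_ALERTS = [
    "01/02-03:04:05.000001  [**] [1:1000001:1] LOCAL web probe [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:51234 -> 192.168.1.10:80",
    "01/02-03:04:06.000002  [**] [1:1000001:1] LOCAL web probe [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.6:51235 -> 192.168.1.10:80",
    "01/02-03:04:07.000003  [**] [1:1000002:1] LOCAL ping sweep [**] "
    "[Priority: 3] {ICMP} 10.0.0.7 -> 192.168.1.10",
    "not an alert line at all",
]

def parse_alert(line):
    """Return the alert's fields as a dict, or None when the line is not a fast alert."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    a["cls"] = a["cls"] or "unclassified"   # rules without a classtype
    a["prio"] = int(a["prio"])
    return a

def group_alerts(lines):
    """Group alerts by classification, then by rule (gid:sid), with a count per rule."""
    groups = defaultdict(lambda: defaultdict(int))
    for a in filter(None, map(parse_alert, lines)):
        groups[a["cls"]][f'{a["gid"]}:{a["sid"]}'] += 1
    return {cls: dict(rules) for cls, rules in groups.items()}

def to_turtle(lines, base="http://example.org/ids#"):
    """Emit one RDF individual per alert (hypothetical ids: vocabulary) for SPARQL queries."""
    out = [f"@prefix ids: <{base}> ."]
    for i, a in enumerate(filter(None, map(parse_alert, lines))):
        out.append(f'ids:alert{i} a ids:Alert ; ids:sid "{a["sid"]}" ; '
                   f'ids:classification "{a["cls"]}" ; ids:priority {a["prio"]} ; '
                   f'ids:srcIp "{a["src"]}" ; ids:dstIp "{a["dst"]}" .')
    return "\n".join(out)
```

Feeding the Turtle output to a triple store lets the grouping be recomputed with a SPARQL `GROUP BY ?classification` query rather than in application code.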