Title: Context and semantics for detection of cyber attacks

Authors: Ahmed Aleroud; George Karabatis; Prayank Sharma; Peng He

Addresses: Department of Information Systems, University of Maryland, Baltimore County (UMBC), 1000 Hilltop Circle, Baltimore, MD, USA ' Department of Information Systems, University of Maryland, Baltimore County (UMBC), 1000 Hilltop Circle, Baltimore, MD, USA ' Department of Information Systems, University of Maryland, Baltimore County (UMBC), 1000 Hilltop Circle, Baltimore, MD, USA ' Department of Information Systems, University of Maryland, Baltimore County (UMBC), 1000 Hilltop Circle, Baltimore, MD, USA

Abstract: This paper presents a novel layered cyber-attack detection approach utilising: 1) semantic relationships between attacks to infer possible related suspicious network activities from connections between hosts; 2) contextual information expressed as attack context profiles on top of semantic relationships. The combined use of context and semantics in intrusion detection results in predicting attacks with higher accuracy while decreasing the number of false positives at the same time. A prototype system has been implemented and experiments have been conducted on it. The results exhibit higher or competitive detection rates compared with other existing approaches.

Keywords: computer security; information systems security; information security; context awareness; cyber security; intrusion detection; semantic networks; cyber attacks; attack detection; semantics; semantic relationships; false positives.

DOI: 10.1504/IJICS.2014.059791

International Journal of Information and Computer Security, 2014 Vol.6 No.1, pp.63 - 92

Received: 03 Jun 2013
Accepted: 03 Oct 2013

Published online: 10 Mar 2014 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article