MS Thesis Defense
Situation Aware Intrusion Detection Model
Sumit More
9:00am Friday, 27 April 2012, ITE 346, UMBC
Today, information technology and cyber-services have become the foundation pillars of every business and manufacturing industry. The importance of cyber-services and their extensive use by every section of the society has paved the way for cyber-crimes like espionage, politically motivated attacks, credit card frauds, unauthorized infrastructure access, denial-of-service attacks, and stealing of valuable data. Intrusion Detection Systems (IDS) are applications which monitor cyber-systems to identify any malicious activities, generate an alert when such an activity is detected, and redress the problem if possible. Most of the intrusion detection/prevention systems available today are based on rule-based or signature based activity monitoring which detect threats and vulnerabilities by cross-referencing the threat or vulnerability signatures in their databases. These Intrusion Detection Systems (IDS) face limitations in detecting newly published attacks or variants of existing attacks. They are also point solutions that focus on a single system/component.
We argue that integrating information coming from multiple data channels can lead to a better threat detection model. Data source of web including blogs, chat-rooms, forums etc. can be a good source of information for upcoming attacks or attacks whose signatures have not yet been tracked for the intrusion detection systems to catch. Semantic integration of the data sources from web, information from IDS/IPS modules at the network and host level, and the expert knowledge can be used to create a ‘Situation Aware Intrusion Detection Model’ which can lead to better intrusion detection and prevention results. In this work, we present such a system which makes use of semantic web technologies to find relationships between the information gathered from the web, sensor data coming from IDS/IPS modules and network activity monitors, and reasons over this data and expert provided rules in-order to detect possibility of a cyber attack.
Thesis Committee: Professors Anupam Joshi (chair), Tim Finin and Yelena Yesha