Semantic-based context-aware alert fusion for distributed Intrusion Detection Systems

“…Ontologies have proven to be powerful tools to specify and structure knowledge, to model behaviours schematically, or to provide formal specification of different entities in a system and their relationships. Other researchers [2,8,9] have used ontologies to represent contextual information. For instance, in [9], the authors tackle the problem of adding contextual information in the smart car domain.…”

“…Current IDSs utilise measurable network traffic information from the protected system or signatures of known attacks during the intrusion detection process, but these systems do not take into account available high-level information (i.e. above the network operation) regarding the protected system to improve their effectiveness [2].…”

Adding contextual information to Intrusion Detection Systems using Fuzzy Cognitive Maps

“…Ontologies have proven to be powerful tools to specify and structure knowledge, to model behaviours schematically, or to provide formal specification of different entities in a system and their relationships. Other researchers [2,8,9] have used ontologies to represent contextual information. For instance, in [9], the authors tackle the problem of adding contextual information in the smart car domain.…”

“…Current IDSs utilise measurable network traffic information from the protected system or signatures of known attacks during the intrusion detection process, but these systems do not take into account available high-level information (i.e. above the network operation) regarding the protected system to improve their effectiveness [2].…”

Adding contextual information to Intrusion Detection Systems using Fuzzy Cognitive Maps

“…For instance, the authors of [1] propose a security ontologies-based approach to add context information into a process that fuses the outcome of heterogeneous distributed IDSs. By using this high-level information, the authors are able to reduce the number of false positive alerts.…”

“…above the network operation) regarding the protected system [1]. As we previously discussed in [2], the next generation of IDSs should incorporate contextual information, situational awareness and cognitive information, pertaining to the experts' judgment on the network behaviour within the intrusion detection process.…”

Using the pattern-of-life in networks to improve the effectiveness of intrusion detection systems

“…Sadighian et al [127] propose an alert fusion approach that incorporates public vulnerability data (CVE, NVD) and contextual attack information such as network configurations, host settings, application requirements, and user-specific configurations. This data is retrieved from a dedicated configuration management system.…”

Semantics-aware detection of targeted attacks: a survey