Cyber Attack Detection Using Contextual Semantics
ABSTRACT. We present a layered cyber-attack detection system with semantics and context capabilities. The described approach has been implemented in a prototype system that uses semantic information about related attacks to infer all possible suspicious network activities from connections between hosts. The relevant attacks generated by semantic techniques are forwarded to context filters that use attack context profiles and host contexts to filter out irrelevant attacks. Experiments on the KDD 1999 intrusion detection dataset have shown high precision and recall values for the system compared with previous approaches.