
Cooperative Ontology Model for Distributed Intrusion Detection System

Author: RenWeiWu
Tutor: HuLiang
School: Jilin University
Course: Computer System Architecture
Keywords: Intrusion detection; ontology; wired network; wireless network; data mining
CLC: TP393.08
Type: PhD thesis
Year: 2013
Downloads: 114
Citations: 0

Abstract

With the rapid development of network applications, originally simple attack patterns have become multi-step, complex attack patterns. Moreover, a large number of heterogeneous distributed intrusion detection systems are deployed in heterogeneous networks. They have different detection principles, different deployment schemes and different detection performance. It is so hard for these distributed intrusion detection systems to work together that they are unable to protect the Global Information Infrastructure comprehensively. How to integrate heterogeneous intrusion detection systems in heterogeneous networks, and how to make them work together, have become hot issues.

A cooperative ontology model for distributed intrusion detection systems is proposed in this thesis. In this model, entities in the real scenario are instantiated as instances in the ontology. Threat states of the system are inferred by analysing the details of those instances. Consequence states of the system are inferred in real time from the current threat state and the observed attacks. With the advantages of an ontology, heterogeneous intrusion detection systems can share knowledge and security state, and they can understand each other. They can work together by inferring attacks and try to prevent trans-regional, large-scale security incidents.

The model is a unified three-level information security ontology model. The three levels are the global level, the domain level and the local level. The global level contains a single ontology, which represents the common semantic model of all information. The global level only offers the concept interfaces of the different domain ontologies and brief descriptions of their relationships; it does not involve concrete domain knowledge.

This thesis focuses on the domain level. Domain ontologies are created from domain knowledge and inherit the global ontology structure. The ontologies in the domain level are formed by fusing an ontology model for the wired network with an ontology model for the wireless network.

The ontology model for the wired network includes two parts: model research and related algorithm research. In the model research, a series of methods for creating, instantiating and inferring over the ontology model are proposed. Different entities in the real scenario are mapped to ontologies in the model, and all details of the real scenario are described. On this basis, a new notion of threat state is proposed: important details of instances are correlated with threat states, and this correlation is achieved by rule-based inference. Consequence states are inferred from the attacks observed in real time and the current threat state of the system, and a consequence state can become the next threat state. The old implicit causal relationships between attacks are thereby transformed into new, inferred causal relationships between attacks and security states. A new mis-configuration vulnerability inference method is also proposed. Configuration entities are described by the ontology, configuration instances are correlated with other instances, and their important details are correlated with mis-configuration vulnerability instances; this, too, is achieved by rule-based inference. In addition, a new concrete system framework and workflow are proposed. In the related algorithm research, three algorithms are proposed according to the demands of the system framework: a parallel anomaly detection algorithm based on hierarchical clustering, a hybrid intrusion detection system based on hierarchical clustering and decision trees, and an intrusion classifier based on multiple feature selection. The first algorithm is a parallel anomaly detection algorithm that runs on multicore systems. The second is a lightweight hybrid intrusion detection system. The first two algorithms share the following characteristics: hybrid, lightweight and parallel. The third algorithm combines different feature selection algorithms with attack classification algorithms; its ultimate goal is to achieve the maximum classification accuracy on the optimal feature subset.

The ontology model for the wireless network likewise includes two parts: model research and related algorithm research. In the model research, mobile ad hoc networks, our major research object, are mapped to an ontology using the methods of the wired network model, and our Internet of Things platform is instantiated as the real scenario. In the related algorithm research, an anomaly detection algorithm against black hole attacks is proposed.
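
The threat-state and consequence-state inference described in the abstract, as an added illustration written for this page (not code from the thesis): ontology instances carry property details, one rule set correlates those details with threat states (including mis-configuration vulnerability states derived from Configuration instances), and a second rule set maps (current threat state, observed attack) to a consequence state that is added to the next threat state. The class names, properties, state names, rules and the scenario are assumptions made for the example.

```python
"""Rule-based inference over ontology instances: instance details -> threat
state, then (threat state, attack) -> consequence state.

Added illustration only; the classes, properties, states and rules below are
assumptions for the example, not the thesis's ontology."""
from dataclasses import dataclass, field


@dataclass
class Instance:
    """An individual in the ontology: its class, a name, its property details,
    and (optionally) the name of the Host instance it is part of."""
    cls: str
    name: str
    details: dict = field(default_factory=dict)
    part_of: str = ""


# Threat-state rules: (ontology class, predicate over details, inferred state).
# The Configuration rules correlate configuration details with
# mis-configuration vulnerability states. Hypothetical rule set.
THREAT_RULES = [
    ("Host", lambda d: d.get("patch_level", 0) < 2, "vulnerable_host"),
    ("Service", lambda d: d.get("exposed") and d.get("auth") == "password",
     "exposed_service"),
    ("Configuration", lambda d: d.get("key") == "PermitRootLogin"
     and d.get("value") == "yes", "ssh_root_login_enabled"),
    ("Configuration", lambda d: d.get("key") == "anonymous_enable"
     and d.get("value") == "YES", "ftp_anonymous_enabled"),
]

# Consequence rules: (current threat state, observed attack) -> consequence
# state, which becomes part of the next threat state. Hypothetical rule set.
CONSEQUENCE_RULES = {
    ("exposed_service", "bruteforce"): "credential_compromise",
    ("ssh_root_login_enabled", "bruteforce"): "root_compromise",
    ("vulnerable_host", "exploit"): "root_compromise",
    ("root_compromise", "lateral_movement"): "domain_compromise",
}


def infer_threat_states(instances):
    """Fire every threat rule on every instance, then roll the states of
    services and configurations up to the host they are part of."""
    states = {inst.name: set() for inst in instances}
    for inst in instances:
        for cls, predicate, state in THREAT_RULES:
            if inst.cls == cls and predicate(inst.details):
                states[inst.name].add(state)
    for inst in instances:
        if inst.part_of in states:
            states[inst.part_of] |= states[inst.name]
    return states


def infer_consequences(states, attacks):
    """Apply attacks in arrival order. Each consequence is added to the target's
    state at once, so a later attack in the sequence can build on it."""
    next_states = {name: set(s) for name, s in states.items()}
    fired = []
    for target, attack in attacks:
        for threat in sorted(next_states.get(target, ())):
            consequence = CONSEQUENCE_RULES.get((threat, attack))
            if consequence:
                next_states[target].add(consequence)
                fired.append((target, threat, attack, consequence))
    return next_states, fired


# Constructed scenario: an unpatched, exposed web host with root SSH login
# enabled, and a patched database host that is not exposed.
SCENARIO = [
    Instance("Host", "web01", {"patch_level": 1}),
    Instance("Service", "sshd@web01",
             {"port": 22, "exposed": True, "auth": "password"}, "web01"),
    Instance("Configuration", "sshd_config@web01",
             {"key": "PermitRootLogin", "value": "yes"}, "web01"),
    Instance("Host", "db01", {"patch_level": 5}),
    Instance("Service", "mysql@db01",
             {"port": 3306, "exposed": False, "auth": "password"}, "db01"),
]

# Constructed attack reports, in the order sensors in two domains shared them.
ATTACKS = [("web01", "bruteforce"), ("db01", "bruteforce"),
           ("web01", "lateral_movement")]

if __name__ == "__main__":
    threat = infer_threat_states(SCENARIO)
    nxt, fired = infer_consequences(threat, ATTACKS)
    for step in fired:
        print("%s: %s + %s -> %s" % step)
    print("web01 next state:", sorted(nxt["web01"]))
```

The same brute-force report produces a consequence on web01 and nothing on db01, because the consequence rule needs a matching threat state; that is the point of correlating attacks with security state rather than with each other. Rule order matters only within one attack (rules fire on a snapshot of the state), and a real deployment would want the rule sets versioned and shared through the global-level ontology so every domain infers the same consequences.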

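The parallel anomaly detection based on hierarchical clustering named in the abstract, as an added example of the general approach (written for this page, not the thesis's algorithm): connection records are sharded across worker threads, each shard is clustered with single-linkage agglomerative clustering cut at a distance threshold, and records that end up in clusters smaller than a minimum size are flagged as anomalies. The feature mapping, thresholds and sample records are assumptions constructed for the example.

```python
"""Parallel anomaly detection with hierarchical (single-linkage) clustering.

Added illustration of the approach named in the abstract, not the thesis's
algorithm. Records are sharded across workers, each shard is clustered, and
records in clusters smaller than min_size are reported as anomalies."""
import math
from concurrent.futures import ThreadPoolExecutor


def features(record):
    """Map a record (id, duration, src_bytes, dst_bytes, flag) to a vector.
    Byte counts are log-scaled so one large transfer does not dominate."""
    _, duration, src_bytes, dst_bytes, flag = record
    return (duration, math.log10(src_bytes + 1), math.log10(dst_bytes + 1),
            1.0 if flag == "SF" else 0.0)


def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def single_linkage(points, cut):
    """Agglomerative clustering: repeatedly merge the two clusters whose
    closest members are nearest, until that distance exceeds `cut`."""
    clusters = [[i] for i in range(len(points))]
    while len(clusters) > 1:
        best = None
        for i in range(len(clusters)):
            for j in range(i + 1, len(clusters)):
                d = min(distance(points[a], points[b])
                        for a in clusters[i] for b in clusters[j])
                if best is None or d < best[0]:
                    best = (d, i, j)
        d, i, j = best
        if d > cut:
            break
        clusters[i].extend(clusters[j])
        del clusters[j]
    return clusters


def detect_shard(shard, cut, min_size):
    """Cluster one shard; return the ids of records in undersized clusters."""
    points = [features(r) for r in shard]
    flagged = []
    for cluster in single_linkage(points, cut):
        if len(cluster) < min_size:
            flagged.extend(shard[i][0] for i in cluster)
    return flagged


def parallel_detect(records, workers=4, cut=1.0, min_size=3):
    """Round-robin the records into `workers` shards, cluster the shards in
    parallel, and return the union of the per-shard anomalies."""
    shards = [records[k::workers] for k in range(workers)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        parts = list(pool.map(lambda s: detect_shard(s, cut, min_size), shards))
    return sorted({rid for part in parts for rid in part})


# Constructed sample: 20 ordinary short HTTP-like connections, one long
# outbound transfer and one zero-byte half-open connection.
SAMPLE = [("http-%02d" % i, 0.1 + 0.02 * i, 400 + 20 * i, 3000 + 200 * i, "SF")
          for i in range(20)]
SAMPLE += [("exfil-1", 120.0, 5_000_000, 200, "SF"),
           ("scan-1", 0.0, 0, 0, "S0")]

if __name__ == "__main__":
    print(parallel_detect(SAMPLE))
```

Two caveats a practitioner would check before deploying this shape of algorithm. Round-robin sharding spreads a burst of identical attack records across shards, so a cluster that is large globally can be undersized in every shard and be flagged, and conversely a rare but legitimate traffic class gets flagged the same way; sharding by time window or by source, and merging the per-shard clusters before applying the size threshold, avoids both. The naive single-linkage loop is also cubic in the shard size and is only meant to show the technique; a production implementation would use a nearest-neighbour chain or a distance matrix with pruning.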