An ontology-based intrusion patterns classification system
Studies have shown that computer intrusions have been on the increase in recent times. Intruders use many techniques and patterns to gain access to data on host computer networks. In this work, intrusion patterns were identified and classified, and the knowledge inherent in them was represented using an ontology of intrusion patterns. Pattern classification was based on the categories of known intrusions (attacks). Four basic intrusion pattern classes were identified: Input Validation, Forced Browsing, Buffer Overflow and Parameter Tampering intrusion patterns. An ontology-based intrusion pattern classification system (OPC) was proposed and developed to classify, represent and model the knowledge inherent in the identified intrusion patterns using semantic web technologies. The OPC was integrated into an IDS and deployed in a campus network to monitor, classify and detect intrusion patterns over 2,419,200 seconds of computer time. A total of 57,465 packets were observed attempting to use the network; of these, 2,770 (4.8%) were classified as intrusions and were therefore dropped by the OPC across the protocols observed (TCP and UDP). A change in network protocol affects the rate of dropped packets and helps in pattern classification. Results show that an ontology aids knowledge representation and classification of intrusion patterns compared with other methods of intrusion pattern recognition.
Keywords: IDS, Onto-intrusion classifier, OWL, Pattern recognition, Semantic Web