Network Event Correlation and Semantic Reasoning for Federated Networks Protection System

  • Michał Choraś
  • Rafał Kozik
Part of the Communications in Computer and Information Science book series (CCIS, volume 245)


In this paper we present semantic approach to network event correlation for large-scale federated intrusion detection system. The major contributions of this paper are: network event correlation mechanism and semantic reasoning based on the ontology. Our propositions and deployments are used in Federated Networks Protection System as a part of the Decision Module.


Anomaly Detection Intrusion Detection System Decision Module Reaction Rule Injection Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Enabling and managing end-to-end resilience, ENISA (European Network and Information Security Agency) Report (January 2011)Google Scholar
  2. 2.
    Choraś, M., D’Antonio, S., Kozik, R., Holubowicz, W.: INTERSECTION Approach to Vulnerability Handling. In: Proc. of 6th International Conference on Web Information Systems and Technologies, WEBIST 2010, vol. 1, pp. 171–174. INSTICC Press, Valencia (2010)Google Scholar
  3. 3.
    NATO Network Enabled Feasibility Study Volume II: Detailed Report Covering a Strategy and Roadmap for Realizing an NNEC Networking and Information Infrastructure (NII), version 2.0Google Scholar
  4. 4.
    El-Damhougy, Yousefizadeh, H., Lofquist, H., Sackman, D., Crowley, R.: Hierarchical and federated network management for tactical environments. In: Proc. of IEEE Military Communications Conference MILCOM, vol. 4, pp. 2062–2067 (2005)Google Scholar
  5. 5.
    Calo, S., Wood, D., Zerfos, P., Vyvyan, D., Dantressangle, P., Bent, G.: Technologies for Federation and Interoperation of Coalition Networks. In: Proc. of 12th International Conference on Information Fusion, Seattle (2009)Google Scholar
  6. 6.
    Coppolino, L., D’Antonio, L., Esposito, M., Romano, L.: Exploiting diversity and correlation to improve the performance of intrusion detection systems. In: Proc. of IFIP/IEEE International Conference on Network and Service (2009)Google Scholar
  7. 7.
  8. 8.
    PHPIDS project homepage,
  9. 9.
  10. 10.
    SNORT project homepage,
  11. 11.
    Choraś, M., Saganowski, L., Renk, R., Holubowicz, W.: Statistical and signal-based network traffic recognition for anomaly detection, Expert Systems (Early View) (2011) doi: 10.1111/j.1468-0394.2010.00576.x Google Scholar
  12. 12.
    ARAKIS project homepage,
  13. 13.
    HSN project homepage,
  14. 14.
    Neches, R., Fikes, R., Finin, T., Gruber, T., Patil, R., Senator, T., Swartout, W.R.: Enabling Technology for Knowledge Sharing. AI Magazine 12(3), s.36–s.56 (1991)Google Scholar
  15. 15.
    OWL Web Ontology Language Semantics and Abstract Syntax (June 2006),
  16. 16.
    SWRL: A Semantic Web Rule Language Combning OWL and RuleML, W3C Member Submission,

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Michał Choraś
    • 1
    • 2
  • Rafał Kozik
    • 1
    • 2
  1. 1.ITTI Ltd.PoznańPoland
  2. 2.Institute of TelecommunicationsUT and LS BydgoszczPoland

Personalised recommendations