A System for Cyber Attack Detection Using Contextual Semantics

  • Ahmed AlEroud
  • George Karabatis
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 172)


In this paper, we present a layered cyber-attack detection system with semantics and context capabilities. The described approach has been implemented in a prototype system that uses semantic information about related attacks to infer all possible suspicious network activities from connections between hosts. The relevant attacks generated by the semantic techniques are forwarded to context filters, which use attack context profiles and host contexts to filter out irrelevant attacks. The prototype system is evaluated on the KDD 1999 intrusion detection dataset, where the experimental results show precision and recall values that are competitive with previous approaches.
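To make the two layers concrete, the following is an added toy illustration of the architecture the abstract describes (semantic expansion of suspected attacks from a connection's features, then filtering by attack context profiles and host context). It is not the authors' prototype: the attack names follow KDD'99 labels, but the semantic network, the context profiles, the host service inventory and the connection records are all constructed here, as are the indicator threshold and the one-hop "related attack" expansion.

```python
"""Toy two-layer detector: semantic expansion, then context filtering.

Added illustration of the layered design in the abstract, not the authors'
prototype. Attack names follow KDD'99 labels; the semantic network, attack
profiles, host contexts and connection records are constructed for this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Connection:
    dst: str        # destination host
    protocol: str   # KDD 'protocol_type'
    service: str    # KDD 'service'
    flag: str       # KDD connection status 'flag'
    count: int      # KDD 'count': connections to the same host in the last 2s
    label: str      # ground truth used only for evaluation


# Layer 1: semantic network (constructed). Observed indicator -> attacks it suggests.
INDICATOR_TO_ATTACKS = {
    ("protocol", "icmp"): {"smurf", "pod"},
    ("flag", "S0"): {"neptune"},
    ("flag", "REJ"): {"portsweep", "neptune"},
    ("service", "ftp"): {"warezmaster"},
    ("high_count", True): {"neptune", "smurf", "portsweep"},
}
# "Related attack" edges: a suspected attack pulls in the rest of its family.
RELATED = {
    "neptune": {"smurf", "pod"}, "smurf": {"neptune", "pod"}, "pod": {"smurf", "neptune"},
    "portsweep": {"satan", "ipsweep"}, "satan": {"portsweep", "ipsweep"},
    "ipsweep": {"portsweep", "satan"},
    "warezmaster": {"warezclient"}, "warezclient": {"warezmaster"},
}

# Layer 2: context (constructed).
# Attack context profile: connection attributes the attack requires to be plausible.
ATTACK_PROFILE = {
    "smurf": {"protocol": "icmp", "service": "ecr_i"},
    "pod": {"protocol": "icmp", "service": "ecr_i"},
    "ipsweep": {"protocol": "icmp", "service": "eco_i"},
    "neptune": {"protocol": "tcp", "flag": "S0"},
    "portsweep": {"protocol": "tcp", "flag": "REJ"},
    "satan": {"protocol": "tcp", "flag": "REJ"},
    "warezmaster": {"protocol": "tcp", "service": "ftp"},
    "warezclient": {"protocol": "tcp", "service": "ftp_data"},
}
# Host context: services each destination host actually exposes.
HOST_SERVICES = {"10.0.0.5": {"http", "ftp", "ftp_data"}, "10.0.0.9": {"http"}}
# Attacks that are irrelevant unless the host offers the service they abuse.
REQUIRES_SERVICE = {"warezmaster": "ftp", "warezclient": "ftp_data"}


def semantic_candidates(c: Connection) -> set:
    """Direct matches from the connection's indicators, expanded one hop over RELATED."""
    indicators = [("protocol", c.protocol), ("flag", c.flag),
                  ("service", c.service), ("high_count", c.count >= 100)]
    direct = set().union(*(INDICATOR_TO_ATTACKS.get(i, set()) for i in indicators))
    return direct | set().union(*(RELATED.get(a, set()) for a in direct))


def context_filter(c: Connection, candidates: set) -> set:
    """Keep only candidates consistent with the attack profile and the host's context."""
    kept = set()
    for attack in candidates:
        if any(getattr(c, k) != v for k, v in ATTACK_PROFILE[attack].items()):
            continue
        needed = REQUIRES_SERVICE.get(attack)
        if needed and needed not in HOST_SERVICES.get(c.dst, set()):
            continue  # host does not run the abused service: irrelevant here
        kept.add(attack)
    return kept


def detect(c: Connection, use_context: bool = True) -> set:
    cands = semantic_candidates(c)
    return context_filter(c, cands) if use_context else cands


def evaluate(records, use_context: bool = True) -> dict:
    """Micro precision/recall over (connection, attack) pairs."""
    tp = predicted = actual = 0
    for c in records:
        found = detect(c, use_context)
        predicted += len(found)
        if c.label != "normal":
            actual += 1
            tp += c.label in found
    return {"tp": tp, "predicted": predicted, "actual": actual,
            "precision": tp / predicted if predicted else 1.0,
            "recall": tp / actual if actual else 1.0}


# Constructed sample: four attack connections and two benign ones.
SAMPLE = [
    Connection("10.0.0.9", "icmp", "ecr_i", "SF", 300, "smurf"),
    Connection("10.0.0.5", "tcp", "private", "S0", 250, "neptune"),
    Connection("10.0.0.9", "tcp", "ssh", "REJ", 120, "portsweep"),
    Connection("10.0.0.9", "tcp", "ftp", "SF", 2, "normal"),  # no FTP on this host
    Connection("10.0.0.5", "tcp", "ftp", "SF", 3, "warezmaster"),
    Connection("10.0.0.5", "tcp", "http", "SF", 4, "normal"),
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(c.label, "->", sorted(semantic_candidates(c)), "=>", sorted(detect(c)))
    print("semantic only:", evaluate(SAMPLE, use_context=False))
    print("with context :", evaluate(SAMPLE))
```

On this sample the semantic layer alone raises 22 (connection, attack) pairs for 4 true ones; the context layer cuts that to 6 while keeping all 4, which is the precision gain the abstract attributes to context filtering. The fourth record shows the host-context check specifically: an FTP-looking connection to a host that exposes no FTP service is discarded as irrelevant.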


Keywords: Context, Context-aware, Cyber Security, Semantic Networks





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. Department of Information Systems, University of Maryland, Baltimore County (UMBC), Baltimore, USA
