A semantic web enabled host intrusion detection system

摘要

Security has preeminent importance in today's technological environment. In recent years, as cyber-attacks have emerged new security concerns have arisen. In order to overcome the serious consequences of these cyber-attacks, fully-functioning and performance-improved intrusion detections systems are required. In this work, we propose a semantic web based host intrusion detection system to reduce the search time for malware scanning and to improve the performance of the intrusion detection systems. For this purpose, we used ontologies to provide semantic expressiveness and knowledge description for an intrusion detection system. The proposed ontology based intrusion detection system scans for malwares running on the operating system. Also, services and processes that are working on the system are scanned, and results are compared with a malware database. If any match occurs, the proposed system displays a malware list that matches with the information of that malware and where it is running.