On Web, Semantics, and Data Mining: Intrusion Detection as a Case Study

Date Added: Jan 2010
Format: PDF

Data mining is defined as the process of discovering implicit, non-trivial knowledge from large consolidated databases, with the aim of using that knowledge to support tactical and strategic business decisions. During the last decade many studies have been undertaken in the field of data mining. However, much of the data mining research has been narrowly focused on mathematical or statistical methods and has built on prior work in pattern recognition. This case study examines the intersection of data mining and the semantic web. The paper first briefly identifies some points where the two fields can impact one another. From there, it develops a specific example, intrusion detection, as an application of distributed data mining. The document also presents an ontology specifying a model of computer attacks. To produce this model, an analysis of over 4,000 classes of computer attacks was undertaken, and their corresponding attack strategies were analyzed using data derived from CERT/CC advisories and NIST's ICAT meta-base. The attack model is first produced as a taxonomy and then converted to a target-centric ontology. The paper also lists the many benefits offered by ontologies, illustrating them through a case-scenario comparison of the paper's ontology with the IETF's Intrusion Detection Exchange Message Format data model.