Classifying Host Anomalies: Using Ontology in Information Security Monitoring

Suja Ramachandran, R.S. Mundada, A.K. Bhattacharjee, C.S.R.C. Murthy, R. Sharma
ISBN13: 9781609601232 | ISBN10: 1609601238 | EISBN13: 9781609601256
DOI: 10.4018/978-1-60960-123-2.ch006
Cite Chapter

MLA

Ramachandran, Suja, et al. "Classifying Host Anomalies: Using Ontology in Information Security Monitoring." Cyber Security, Cyber Crime and Cyber Forensics: Applications and Perspectives, edited by Raghu Santanam, et al., IGI Global, 2011, pp. 70-86. https://doi.org/10.4018/978-1-60960-123-2.ch006

APA

Ramachandran, S., Mundada, R., Bhattacharjee, A., Murthy, C., & Sharma, R. (2011). Classifying Host Anomalies: Using Ontology in Information Security Monitoring. In R. Santanam, M. Sethumadhavan, & M. Virendra (Eds.), Cyber Security, Cyber Crime and Cyber Forensics: Applications and Perspectives (pp. 70-86). IGI Global. https://doi.org/10.4018/978-1-60960-123-2.ch006

Chicago

Ramachandran, Suja, et al. "Classifying Host Anomalies: Using Ontology in Information Security Monitoring." In Cyber Security, Cyber Crime and Cyber Forensics: Applications and Perspectives, edited by Raghu Santanam, M. Sethumadhavan, and Mohit Virendra, 70-86. Hershey, PA: IGI Global, 2011. https://doi.org/10.4018/978-1-60960-123-2.ch006

Abstract

In this chapter, the authors propose an ontology-based approach to classifying the anomalous events occurring across a number of hosts, thereby filtering out, from the full set of events, the interesting or non-trivial ones that require immediate attention. An ontology is developed to structure the domain of anomaly detection. It expresses the semantic relationships among the attributes of an anomaly detection system and the events it collects. The system harnesses the reasoning capability of the ontology and that of an inference engine to make meaningful assumptions about anomaly events. This enables automatic classification of the reported anomalies based on the functionality and significance of the originating host as well as the associated system resource or parameter.
