printer friendly version

Ontology-based intrusion detection and prevention system for networking environments

Intrusion detection and prevention systems have always occupied a key role in the security framework of enterprises and other networking environments. While participants in the network security space have developed a number of novel solutions to address the issue of intruder attacks, there still remains a lot of room for progress.

With the rising number of attacks, it has become progressively important for developers and researchers to integrate more powerful and innovative intelligence capabilities into the security solutions. As a result, a number of research groups have focused their research efforts on addressing this shortcoming.

To this end, a researcher from the Colombia-based University of Caldas has partnered with researchers from the National University of Colombia and Spain-based Pontifical University of Salamanca, to develop an innovative solution for intrusion detection and prevention. The solution essentially leverages an ontology-based model to deliver an intelligent framework and secure network systems from intruder stacks. The solution investigates interference and reasoning models to deliver a robust, secure intrusion prevention framework.

The core framework of the solution is powered by a hybrid intelligent system that builds on clustering and artificial neural networks (ANN) concepts. This in turn, enables the solution to support both, a robust clustering model and classification model for patter recognition. The research work also discusses attack signatures, reaction rules, asserts and axioms in detail. Furthermore, it leverages an Ontology Web Language self integrated with description Logic. The solution also equips the multi-agent system to integrate event communication and correlation capabilities. That apart, the architecture also combines the functionality of both supervised and unsupervised models. These capabilities combine together to empower the research solution to support a high grade of native intelligence as compared to other conventional solutions.

A standalone aspect of the solution is that it integrates unique capabilities in terms of knowledge representation, cooperation, distribution, intelligence reasoning and reactivity. These capabilities enable the solution to outperform other competing intrusion prevention solutions in terms of performance and efficiency. Moreover, the ability of the solution to combine highly advanced neural networking with clustering algorithms is another key aspect that highlights the significance of the solution amongst its peers.

Moving forward, the researchers plan to further their efforts by conducting extensive studies that focus on enhancing the capabilities of the analyser agent. The researchers also plan to investigate the prospects of integrating high grade of intelligence capabilities in order to deliver more reliable and accurate network protection. Given the criticality of addressing intrusion detection in networking environments, it has become important for security experts and researchers to streamline their research efforts towards addressing the issue of intrusion prevention and detection. To this end, Frost & Sullivan believes that the research work will be of strong significance in the immediate future.

Share this article:

Further reading: