SECURITY POLICY INSTANTIATION TO REACT TO NETWORK ATTACKS - An Ontology-based Approach using OWL and SWRL

Jorge E. López de Vergara, Enrique Vázquez, Javier Guerra

Abstract

A quick and efficient reaction to an attack is important to address the evolution of security incidents in current communication networks. The ReD (Reaction after Detection) project aims to design solutions that enhance the detection/reaction security process. This will improve the overall resilience of IP networks to attacks, helping telecommunication and service providers to maintain sufficient quality of service to comply with service level agreements. A central component of this project is in charge of instantiating new security policies that counteract network attacks. This paper proposes an ontology-based methodology for the instantiation of these security policies. The approach maps alerts into attack contexts, which are then used to identify the policies that must be applied in the network to counter the threat. For this, ontologies describing alerts and policies are defined, and inference rules are used to perform the mappings.



Paper Citation


in Harvard Style

E. López de Vergara J., Vázquez E. and Guerra J. (2008). SECURITY POLICY INSTANTIATION TO REACT TO NETWORK ATTACKS - An Ontology-based Approach using OWL and SWRL. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008) ISBN 978-989-8111-59-3, pages 78-83. DOI: 10.5220/0001929300780083


in Bibtex Style

@conference{secrypt08,
author={Jorge E. López de Vergara and Enrique Vázquez and Javier Guerra},
title={SECURITY POLICY INSTANTIATION TO REACT TO NETWORK ATTACKS - An Ontology-based Approach using OWL and SWRL},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)},
year={2008},
pages={78-83},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001929300780083},
isbn={978-989-8111-59-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)
TI - SECURITY POLICY INSTANTIATION TO REACT TO NETWORK ATTACKS - An Ontology-based Approach using OWL and SWRL
SN - 978-989-8111-59-3
AU - E. López de Vergara J.
AU - Vázquez E.
AU - Guerra J.
PY - 2008
SP - 78
EP - 83
DO - 10.5220/0001929300780083