Research on Ontology-Based Byzantine Attack Modeling and Detection
Abstract
The widespread use of the Internet has brought many network security problems, which in turn has driven the development of techniques for detecting and defending against network attacks. A Byzantine attack is an attack in which an adversary controls a number of authorized nodes in a communication network and uses them to arbitrarily interfere with or disrupt the network. As an active insider attack, a Byzantine attack can easily compromise normal communication between the nodes of the network, and defending against and detecting such attacks has long been one of the hardest problems in network security. Because Byzantine attacks are both specific in nature and diverse in form, how network nodes can defend against multiple kinds of Byzantine attack, and against joint Byzantine attacks, has become one focus of research; how to build a complete model of Byzantine attacks has gradually become another.
     Addressing these focal problems, we propose a Byzantine attack ontology model that can be used in an active security defense system. Ontology, as a knowledge representation technique, can rigorously define concepts and the relations between them. Its goal is to describe the knowledge of a domain, fix the concepts that are commonly agreed on within that domain, provide a shared understanding of the domain's knowledge, and give explicit definitions of the relations among those concepts at different levels of formalization. Following the requirements of ontology engineering, we first describe the concepts and properties of Byzantine attacks in layers from three aspects (concept classes, relations and reasoning); we then describe instances of the attack ontology in the ontology language OWL, whose description-logic foundation and description framework can express the relations between object concepts clearly; finally we use the rule language SWRL to describe the attack inference rules from which the ontology knowledge base is built. Adding SWRL rules to OWL provides stronger logical expressiveness. Both the model deduction and the rule inference were compiled successfully in ProtégéTab, and the rules were tested. Analysis of Byzantine attack instances shows that the ontology model not only provides a general expression of Byzantine attack concepts and a description of the relations between them, but also supports information sharing and collaborative detection among nodes.
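The following is an added example, not the thesis's own OWL/SWRL model: a small forward-chaining reasoner in Python that applies SWRL-style Horn rules over RDF-style triples, mirroring the collaborative detection and joint-attack concepts the abstract describes. Node, class and property names are constructed, and the rules are a simplification of what an OWL reasoner with SWRL support would evaluate.

```python
# Added example, not the thesis's own OWL/SWRL files: a toy forward-chaining
# reasoner in which SWRL-style Horn rules over RDF-style triples flag Byzantine
# nodes from disruption reports that nodes share. All names are constructed.
def match(pattern, fact, binding):
    """Unify a triple pattern (variables start with '?') with one fact."""
    b = dict(binding)
    for p, f in zip(pattern, fact):
        if p.startswith("?") and b.setdefault(p, f) == f:
            continue  # variable newly bound, or already bound to this value
        if p != f:
            return None
    return b

def query(kb, patterns, binding=()):
    """Yield every binding that satisfies all patterns (a rule body)."""
    if not patterns:
        yield dict(binding)
        return
    for fact in list(kb):  # snapshot: kb grows while we iterate
        b = match(patterns[0], fact, binding)
        if b is not None:
            yield from query(kb, patterns[1:], b)

def infer(facts, rules):
    """Apply (body, head) rules to a fixpoint; return the closed fact set."""
    kb, changed = set(facts), True
    while changed:
        changed = False
        for body, head in rules:
            for b in query(kb, body):
                new = tuple(b.get(t, t) for t in head)
                changed |= new not in kb
                kb.add(new)
    return kb
NODES = ["n1", "n2", "n3", "n4"]
FACTS = [(n, "type", "AuthorizedNode") for n in NODES] + [(n, "memberOf", "mesh1") for n in NODES]
# OWL makes no unique-name assumption, so distinctness is asserted explicitly.
FACTS += [(a, "differentFrom", b) for a in NODES for b in NODES if a != b]
# Constructed reports: n1 and n4 are each accused by two different nodes; n2 only by n1.
FACTS += [("n2", "reportsDisruptionBy", "n1"), ("n3", "reportsDisruptionBy", "n1"),
          ("n2", "reportsDisruptionBy", "n4"), ("n3", "reportsDisruptionBy", "n4"),
          ("n1", "reportsDisruptionBy", "n2")]
RULES = [  # SWRL-style: body atoms -> head atom
    ([("?n", "type", "AuthorizedNode"), ("?o1", "reportsDisruptionBy", "?n"),
      ("?o2", "reportsDisruptionBy", "?n"), ("?o1", "differentFrom", "?o2")],
     ("?n", "type", "ByzantineNode")),  # collaborative detection: two distinct observers agree
    ([("?n", "type", "ByzantineNode"), ("?m", "type", "ByzantineNode"),
      ("?n", "differentFrom", "?m"), ("?n", "memberOf", "?net"), ("?m", "memberOf", "?net")],
     ("?net", "type", "JointByzantineAttackTarget")),  # joint attack: two Byzantine nodes, one network
]
```

With this two-observer rule a single accusation from a compromised node is not enough to flag an honest node, but two colluding Byzantine nodes could still frame one, which is why a deployed rule set would also weight reports by the reporter's own trust standing.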