Design, Development and Evaluation of an Ontology Model for Wireless Snort

By

ACKNOWLEDGEMENT

I would like to express my thanks to my advisor, for his suggestions, comments, patience and understanding. Very special thanks to my parents, my father, my mother, my brother and my sister who were continuously supporting me throughout my life and leaving me free in all my decisions. I would also like to thank my colleagues for his technical support whenever I needed. I would like to thank to Department, all the university managers, teachers and students with whom I have worked.

I certify that the work presented in the dissertation is my own unless referenced

Signature..........................................

Date.....................................

DECLARATION

I, [type your full first names and surname here], declare that the contents of this dissertation/thesis represent my own unaided work, and that the dissertation/thesis has not previously been submitted for academic examination towards any qualification. Furthermore, it represents my own opinions and not necessarily those of the University.

Signed __________________ Date _________________

ABSTRACT

In this paper we will introduce the notion of a detection framework to facilitate the reasoning and cooperation process of detection and response systems. The presented framework will define four dimensions as requirements to be satisfied: "What to detect", "Where to inspect", "How to decide", and "How to alert". The first dimension tries to unify the understanding of the problem between systems. The second will introduce detection features and parameters. The third dimension will exactly state how intelligent systems or expert knowledge should be deployed, while the task of the fourth is to unify the alert and message exchange format. To address the "What to detect" aspect of our framework, we have considered a network denial of service and have presented an ontology which relates three taxonomies of DoS attacks, each from a different point of view: Attack Consequence, Attack Location and Attack Scenario. For scenario based taxonomy, we will present a decision tree-like structure, which can be used as a base for attack detection. All these taxonomies will then be related to each other in ontology. An implementation of this ontology using Web Ontology Language (OWL) might help IETF's IDMEF to construct a base for a more accurate alert correlation.

TABLE OF CONTENT

ACKNOWLEDGEMENT2

DECLARATION3

ABSTRACT4

CHAPTER 1: INTRODUCTION6

CHAPTER 2: LITERATURE REVIEW8

CHAPTER 3: MEHODLOGY12

Data Collection12

Time Scale12

REFERENCES14

CHAPTER 1: INTRODUCTION

Availability is defined as one of the basic components of computer security. According to a definition by Bishop , availability refers to the ability to use the information or resource desired. Because an unavailable system is at least as bad as no system at all, subverting the availability of a system has always been one of the major goals of attackers and intruders. A specific type of malicious activity, called a "Denial of Service" (DoS) attack, threatens the availability of systems and a so called division, "Network DoS", seriously targets services in today computer networks. Although there are several definitions of the problem, they all agree that DoS is an activity with the goal of preventing the access of legitimate users to a specific service or set of ...