Case Retrieval for Network Security Emergency Response Based on Description Logic
Network security emergency response (NSER) is an important topic in information security. Nowadays a large number of NSER systems and tools have been developed; they can effectively detect some security incidents and provide general best-practice guidelines for handling certain types of incident, but they do not give a reasonable, fast and effective handling method for every security incident in a real environment. An intelligent method for NSER based on case-based reasoning (CBR) and description logic (DL) is proposed. First, a case base for NSER is organized so that the domain knowledge of NSER is described in the DL ALCO(D). Second, based on refinement operators and the refinement graph in DLs, an algorithm for measuring the similarity of ALCO(D) concepts is designed and used to retrieve cases from the case base. It is demonstrated that the method can reuse past experience with security incidents to generate responses automatically.
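As an added illustration of the retrieval step (example code written for this page, not the paper's own implementation): incident cases are described as DL-style concepts over a small constructed TBox, and a query incident is matched against the case base with a refinement-path-length similarity. The concept language here is only conjunctions of atomic concepts and existential restrictions, far smaller than ALCO(D), and the similarity used is the common refinement-operator formulation (downward refinement steps from Top to a concept, shared steps through the least common subsumer), not the paper's ALCO(D) algorithm. All concept and role names, the hierarchy, the stored cases and the query are constructed for the example.

```python
"""Toy CBR retrieval over DL-style incident descriptions (added example).

Concepts are conjunctions of literals: ("C", Name) for an atomic concept and
("E", role, Name) for an existential restriction ∃role.Name. The TBox is a
hand-written hierarchy; all names are hypothetical and chosen for illustration.
"""

# Constructed TBox: child -> parent, with "Top" as the root.
PARENT = {
    "Incident": "Top", "Malware": "Incident", "Worm": "Malware",
    "Ransomware": "Malware", "Intrusion": "Incident", "BruteForce": "Intrusion",
    "WebShell": "Intrusion",
    "Asset": "Top", "Server": "Asset", "WebServer": "Server", "DbServer": "Server",
    "Workstation": "Asset",
}

def ancestors(name):
    """Chain from `name` up to and including Top."""
    chain = [name]
    while chain[-1] != "Top":
        chain.append(PARENT[chain[-1]])
    return chain

def depth(name):
    """Specialisation steps from Top to `name` (Top itself has depth 0)."""
    return len(ancestors(name)) - 1

def lca(a, b):
    """Least common ancestor of two atomic names in the hierarchy."""
    anc_b = set(ancestors(b))
    return next(x for x in ancestors(a) if x in anc_b)

def literal_cost(lit):
    """Refinement steps from Top to `lit`; an existential costs one extra step (∃r.Top)."""
    return depth(lit[-1]) + (1 if lit[0] == "E" else 0)

def subsumes(general, specific):
    """True if literal `general` is strictly more general than `specific` (same kind/role)."""
    if general == specific or general[:-1] != specific[:-1]:
        return False
    return general[-1] in ancestors(specific[-1])[1:]

def normalize(lits):
    """Drop literals already implied by a more specific literal in the conjunction."""
    lits = set(lits)
    return frozenset(l for l in lits if not any(subsumes(l, m) for m in lits))

def generalize(l1, l2):
    """Most specific literal subsuming both, or None if only Top does."""
    if l1[:-1] != l2[:-1]:          # different kind, or different role
        return None
    common = lca(l1[-1], l2[-1])
    if l1[0] == "C" and common == "Top":
        return None                 # a bare Top conjunct carries no information
    return l1[:-1] + (common,)

def path_length(concept):
    """λ(Top → C): total downward refinement steps needed to build the concept."""
    return sum(literal_cost(l) for l in normalize(concept))

def lcs(c, d):
    """Least common subsumer by pairwise anti-unification of literals."""
    return normalize(filter(None, (generalize(l1, l2) for l1 in c for l2 in d)))

def similarity(c, d):
    """λ(Top→LCS) / (λ(Top→LCS) + λ(LCS→C) + λ(LCS→D)), a value in [0, 1]."""
    shared, lc, ld = path_length(lcs(c, d)), path_length(c), path_length(d)
    total = lc + ld - shared
    return shared / total if total else 1.0

# Constructed case base: (incident description concept, stored response).
CASES = [
    (frozenset({("C", "Worm"), ("E", "affects", "Workstation")}),
     "isolate host from network, run AV, patch and re-image"),
    (frozenset({("C", "WebShell"), ("E", "affects", "WebServer")}),
     "take site offline, remove shell, rotate web credentials"),
    (frozenset({("C", "BruteForce"), ("E", "affects", "DbServer")}),
     "block source IPs, reset DB credentials, review auth logs"),
]

def retrieve(query, cases=CASES):
    """Return (response, score) of the stored case most similar to `query`."""
    concept, response = max(cases, key=lambda case: similarity(query, case[0]))
    return response, similarity(query, concept)

# Constructed query: ransomware on a workstation, which has no exact match stored.
QUERY = frozenset({("C", "Ransomware"), ("E", "affects", "Workstation")})

if __name__ == "__main__":
    for concept, response in CASES:
        print(f"{similarity(QUERY, concept):.3f}  {response}")
    print("retrieved:", retrieve(QUERY))
```

The worm case wins (similarity 5/7) because the query and the case share the Malware branch and the affected asset, whereas the intrusion cases only share Incident and Asset (similarity 0.3 each). In a real case base the concept language would need negation, nominals and concrete-domain predicates (IP ranges, timestamps) as in ALCO(D), and the refinement operator would have to cover those constructors too.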
Emergency response; Network security incident; Case-based reasoning; Description logic; Case retrieval
Fei Jiang, Tianlong Gu, Liang Chang, Zhoubo Xu
Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004, China
International conference
8th International Conference on Intelligent Information Processing (2014 IFIP International Conference on Intelligent Information Processing)
Hangzhou
English
284-293
2014-10-01 (date first posted on the Wanfang platform, not the paper's publication date)