Computer Science, 2015, Vol. 42, Issue (1): 129-136. doi: 10.11896/j.issn.1002-137X.2015.01.031


Network Security Emergency Response Based on CBR and Description Logic

JIANG Fei, GU Tian-long, XU Zhou-bo and CHANG Liang

Online: 2018-11-14   Published: 2018-11-14

Abstract: Network security emergency response is a central concern of future information security policy. Current emergency response relies mainly on the incident response team and the security manager, which handles part of the security incidents effectively but does not give a reasonable, fast and effective handling method for security incidents in a specific environment. To address this problem, the paper proposes an intelligent method for network security emergency response based on case-based reasoning (CBR) and description logic, so that specific security incidents can be handled automatically. First, description logic is used to describe the domain knowledge of network security emergency response; then a similarity matching algorithm based on a refinement operator and a refinement graph is designed, the realization process of CBR in emergency response is given, and finally specific examples are used to validate the proposed method. The results show that the method has clear semantics, automatic classification of concepts and good reasoning ability, can derive a solution to the current problem from past security incidents, and is capable of giving a handling method for security incidents in a specific environment.

Key words: Network security incident, Case-based reasoning, Description logic, Emergency response
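An added illustration of the retrieval step the abstract describes; it is not code from the paper. Incident cases are written as conjunctions of atomic concepts under a constructed toy taxonomy, one refinement step adds one atomic concept, and the similarity of two descriptions is the length of the shared refinement path from the top concept to their least common subsumer divided by the total path length through each description. The taxonomy, the case base and the handling plans are all constructed for this example.

```python
# Toy refinement-based CBR retrieval for security incidents (added example).

# Constructed toy taxonomy of atomic concepts: child -> parent, "TOP" is the root.
TAXONOMY = {
    "Incident": "TOP", "Malware": "Incident", "Worm": "Malware",
    "Ransomware": "Malware", "Intrusion": "Incident", "BruteForce": "Intrusion",
    "Host": "TOP", "WebServer": "Host", "DBServer": "Host", "Workstation": "Host",
}

def ancestors(atom):
    """All concepts subsuming `atom` (itself included), excluding TOP."""
    out = []
    while atom != "TOP":
        out.append(atom)
        atom = TAXONOMY[atom]
    return out

def closure(concept):
    """Subsumption closure of a conjunction of atoms: every atom it implies."""
    return {a for atom in concept for a in ancestors(atom)}

def depth(concept):
    """Downward refinement steps from TOP to `concept`; one step adds one atom."""
    return len(closure(concept))

def lcs(c, d):
    """Least common subsumer: the atoms implied by both descriptions."""
    return closure(c) & closure(d)

def similarity(c, d):
    """Refinement-based similarity: the shared path TOP->LCS divided by the
    total path lengths TOP->LCS->C and TOP->LCS->D (simplified form)."""
    shared = depth(lcs(c, d))
    extra = (depth(c) - shared) + (depth(d) - shared)
    return 1.0 if shared + extra == 0 else shared / (shared + extra)

# Constructed case base: past incident descriptions and their handling plans.
CASE_BASE = [
    ({"Worm", "WebServer"}, "isolate host, patch exposed service, scan segment"),
    ({"Ransomware", "Workstation"}, "disconnect host, restore from backup"),
    ({"BruteForce", "DBServer"}, "lock account, rate-limit logins, rotate credentials"),
]

def retrieve(problem, cases=CASE_BASE):
    """Return (similarity, plan) of the stored case most similar to `problem`."""
    return max(((similarity(problem, c), plan) for c, plan in cases), key=lambda t: t[0])

if __name__ == "__main__":
    print(retrieve({"Malware", "WebServer"}))  # a new malware hit on a web server
```

A new incident described only as "Malware on a WebServer" is closest to the stored worm-on-web-server case (similarity 0.8), so that case's plan is proposed for adaptation.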

