Current state-of-the-art intrusion detection and prevention systems (IDPS) are signature-based systems that detect threats and vulnerabilities by cross-referencing the threat or vulnerability signatures in their databases.
These systems are incapable of taking advantage of heterogeneous data sources for analysis of system activities for threat detection. This work presents a situation-aware intrusion detection model that integrates these heterogeneous data sources and builds a semantically rich knowledge base to detect cyber threats and vulnerabilities.
Cyber crimes are being used to assist activities like espionage, politically motivated attacks and credit card fraud at an alarming rate. For example, reports describe how Tibetan computer systems were compromised, giving attackers access to potentially sensitive information; how an attacker defaced the web-site of Turkey’s embassy in China; and how hackers stole 40 million credit card numbers.
Authors: Sumit More | Mary Matthews | Anupam Joshi | Tim Finin