
Détection d'intrusion à l'aide d'un système expert basé sur l'ontologie (Intrusion detection using an ontology-based expert system)

Étienne Ducharme

Master's thesis (2017)

Open Access document in PolyPublie
Terms of Use: All rights reserved

Abstract

Computer attacks are an important reality today. Their ubiquity is explained by the fact that attackers can take advantage of the growing complexity of the information systems environment. This is due to the massive computerization of activities, such as the storage of personal data, and the integration of new technologies, such as wireless technologies. The lure of gain is increasing and attack surfaces are bigger than ever. Traditional defence mechanisms struggle to adapt to this heterogeneous environment because of the broad spectrum of information it contains. Defence systems perform intrusion detection through detection rules. Unfortunately, the languages in which these detection rules are written have several weaknesses. On the one hand, writing them requires great expertise. On the other hand, these languages make it difficult to make concepts of different natures interact. Humans have been involved in the intrusion detection process to address this weakness; intrusion detection is thereby subject to human weaknesses, such as reliability and performance. We propose to computerize the intrusion detection process with the use of an expert system, a tool that replicates the reasoning of a human expert. The expert system that we propose is DIOSE (Détection d'Intrusion avec l'Ontologie par un Système Expert). It is based on ontologies, which are methods of knowledge representation that make it possible to describe a concept so that it can be understood by a machine. The use of an ontological database provides flexibility that makes it possible to move from detection based only on events to detection based on events, event contexts and vulnerabilities together, improving the detection of computer attacks by correlating the different information collected. Representing knowledge with an ontology also allows abstraction to bring the language of intrusion detection rules closer to the language of the expert.
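The abstract contrasts detection driven only by events with detection that joins events, their context (which host runs which service) and known vulnerabilities through an ontology, and notes that the class hierarchy lets rules be written at the expert's level of abstraction. The following Python sketch is an added illustration of that contrast; it is not code from the thesis or from DIOSE, and its triple store, attack taxonomy, hosts, services, signature pattern and log lines are all constructed assumptions made for the example.

```python
"""Toy comparison of event-only vs ontology/context-aware intrusion detection.

Knowledge is held as (subject, predicate, object) triples, a minimal stand-in
for an ontological knowledge base. Rules are plain functions that forward-chain
over those triples. All hosts, services, classes and log lines below are
constructed for illustration; none of it is DIOSE's model or data.
"""
import re
from urllib.parse import unquote

# Constructed sample web log (timestamp host method path); not from the thesis.
SAMPLE_LOG = """\
2017-03-01T10:00:01 web01 GET /login?user=admin'%20OR%20'1'='1
2017-03-01T10:00:02 web02 GET /search?q=x'%20UNION%20SELECT%20password%20FROM%20users--
2017-03-01T10:00:03 web01 GET /index.html
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<method>\S+) (?P<path>\S+)$")

# Hypothetical signature -> ontology class mapping (the classic event-only rule).
SIGNATURES = {
    "SQLInjection": re.compile(r"'\s*(OR|UNION)\b", re.IGNORECASE),
}


class KnowledgeBase:
    """Tiny triple store with a transitive subClassOf check."""

    def __init__(self):
        self.triples = set()

    def add(self, s, p, o):
        self.triples.add((s, p, o))

    def objects(self, s, p):
        return {o for (ts, tp, o) in self.triples if ts == s and tp == p}

    def is_a(self, cls, ancestor):
        # Walk the class hierarchy: this is what lets a rule written against
        # the generic "WebInjection" class also match a specific SQLInjection.
        if cls == ancestor:
            return True
        return any(self.is_a(parent, ancestor)
                   for parent in self.objects(cls, "subClassOf"))


def build_ontology():
    kb = KnowledgeBase()
    # Attack taxonomy (assumed): specific techniques under a generic class.
    kb.add("SQLInjection", "subClassOf", "WebInjection")
    kb.add("NoSQLInjection", "subClassOf", "WebInjection")
    kb.add("WebInjection", "subClassOf", "Attack")
    # Context (assumed): which host runs which service.
    kb.add("web01", "runsService", "webapp-A")
    kb.add("web02", "runsService", "webapp-B")
    # Vulnerability knowledge stated at the level the expert reasons in.
    kb.add("webapp-A", "vulnerableTo", "WebInjection")  # unvalidated input
    # webapp-B is assumed patched: no WebInjection weakness is recorded for it.
    return kb


def parse_events(log_text):
    events = []
    for i, line in enumerate(log_text.splitlines()):
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        events.append({**m.groupdict(), "id": f"ev{i}", "path": unquote(m["path"])})
    return events


def rule_signature(kb, events):
    """Event-only rule: a payload matching a signature becomes an attack instance."""
    for ev in events:
        for attack_cls, pattern in SIGNATURES.items():
            if pattern.search(ev["path"]):
                kb.add(ev["id"], "instanceOf", attack_cls)
                kb.add(ev["id"], "targets", ev["host"])


def rule_correlate(kb, events):
    """Context rule: attack instance, target host, its service and that service's
    vulnerability are joined through the class hierarchy to grade severity."""
    for ev in events:
        for attack_cls in kb.objects(ev["id"], "instanceOf"):
            confirmed = any(
                kb.is_a(attack_cls, vuln)
                for host in kb.objects(ev["id"], "targets")
                for svc in kb.objects(host, "runsService")
                for vuln in kb.objects(svc, "vulnerableTo"))
            kb.add(ev["id"], "severity", "high" if confirmed else "low")


def detect(log_text):
    """Run both rules and return one alert per signature hit, graded by context."""
    kb = build_ontology()
    events = parse_events(log_text)
    rule_signature(kb, events)
    rule_correlate(kb, events)
    alerts = []
    for ev in events:
        for attack_cls in kb.objects(ev["id"], "instanceOf"):
            severity = next(iter(kb.objects(ev["id"], "severity")))
            alerts.append({"event": ev["id"], "host": ev["host"],
                           "attack": attack_cls, "severity": severity})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

An event-only detector would raise the same alert for both injection attempts; the correlation rule grades the attempt against web01 as high because its service is recorded as vulnerable to the parent class WebInjection, and the one against web02 as low. Adding a new subclass such as NoSQLInjection needs no change to the correlation rule, which is the kind of abstraction the abstract refers to.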

Department: Department of Computer Engineering and Software Engineering
Program: Computer Engineering
Academic/Research Directors: Éric Gingras and Jose Manuel Fernandez
PolyPublie URL: https://publications.polymtl.ca/2923/
Institution: École Polytechnique de Montréal
Date Deposited: 03 Apr 2018 13:52
Last Modified: 05 Apr 2024 13:32
Cite in APA 7: Ducharme, É. (2017). Détection d'intrusion à l'aide d'un système expert basé sur l'ontologie [Master's thesis, École Polytechnique de Montréal]. PolyPublie. https://publications.polymtl.ca/2923/
