Ontology for host-based anomaly detection

Author(s)

Publication date

2007

Publisher

Høgskolen i Oslo. Avdeling for ingeniørutdanning

Document type

Description

Master i nettverks- og systemadministrasjon

Abstract

This project is about the description of ontologies for anomaly detection in computer systems. The special case of the anomaly detection system in Cfengine is used as a case study. Cfengine was designed at Oslo University College, based on a considerable body of research, and thus we have detailed insight into its operation. The Cfengine environment daemon collects many events in collaboration with cfagent that are presented to a system administrator for further analysis and countermeasures. In this work we want to make use of ontologies to structure the knowledge in a way that makes the process of reasoning about anomalies clearer. Ultimately, one could imagine that ontology capabilities would enable computers to perform automatic filtering process through inferencing and reasoning about their problem space.

Keywords

Permanent URL (for citation purposes)

  • http://hdl.handle.net/10642/466