Ontology for host-based anomaly detection


Høgskolen i Oslo (Oslo University College), Faculty of Engineering

Master in Network and System Administration


This project concerns the description of ontologies for anomaly detection in computer systems. The anomaly detection system in Cfengine is used as a case study. Cfengine was designed at Oslo University College on the basis of a considerable body of research, so we have detailed insight into its operation. The Cfengine environment daemon, in collaboration with cfagent, collects many events that are presented to a system administrator for further analysis and countermeasures. In this work we want to use ontologies to structure that knowledge in a way that makes reasoning about anomalies clearer. Ultimately, one could imagine that ontology capabilities would enable computers to perform automatic filtering through inference and reasoning about their problem space.


  • http://hdl.handle.net/10642/466