Ontology-based knowledge representation for a P2P multi-agent distributed intrusion detection system

Many research efforts on application of ontology in network security have been done in the past decade. However, they mostly stop at initial proposal or focus on framework design without detailed representation of intrusion or attack and relevant detection knowledge with ontology. In this paper, the design and implementation of Ontology-Based Knowledge Representation for a Peer-to-Peer Multi-Agent Distributed Intrusion Detection System (Ontology-Based MADIDS) are introduced. An example which demonstrates the representation of an attack with ontology and the relevant detection process is also presented. In Ontology-Based MADIDS, ontology technique enables peers in the system and agents in one peer to share common understanding of information. In addition, benefited from agent technology and P2P architecture, agents in Ontology-Based MADIDS not only detect attacks on a single host but also in a distributed domain. These features make the Ontology-Based MADIDS more flexible and robust.