Introduction: Why Knowledge?
databases and taxonomies.
• Machine-understandable.
• There is no common structure of attack scenarios.
• Shared conceptualization of DDoS attacks.
• Semantic-level representation.
• Logic and inference as a solution to decision-making problems.
• Constructed from semi-informal data sources.
Introduction: Contributions
understandable.
• Employ knowledge to predict potential DDoS attacks regarding vulnerabilities, weaknesses, and prerequisites of such attacks.
• Common semantic representation of attacks by which machines can communicate.
are mostly limited to the general view of network attacks: non-specific view.
• Taxonomies for attacks, vulnerabilities, and weaknesses (CAPEC, CVE, and CWE): lack of logical assumptions, rules, and reasoning.
• Statistical, analytical, and machine learning detection methods: invariant, convergence problem, lack of extendability for new concepts, and curse of dimensionality.
  • SVM
  • Clustering and classification algorithms (K-Means, DBSCAN, OPTICS, SOM, etc.)
  • Evolutionary algorithms
  • Neural networks
[Figure: system architecture. Labels recovered from the diagram: Manual User Inputs (Direct, Indirect); triples of type <s,p,o>; Map triples to ontology entities; DDoS Attack Ontology; DDoS Attacks Knowledge Base; Reasoner (Check consistency: Consistent / Inconsistent, Report inconsistency); SPARQL Queries; SWRL Rules; DDoS Attack Plan Detection Result.]
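As an added illustration (not the paper's implementation), the pipeline in the figure reduced to plain Python: a knowledge base of <s,p,o> triples, a disjoint-class consistency check standing in for the reasoner, one forward-chained rule standing in for SWRL, and a query standing in for SPARQL. All attack, weakness and host names are constructed, not taken from the paper's ontology.

```python
# Constructed illustration of the figure's pipeline: <s,p,o> triples, a consistency
# check, one SWRL-style rule and a SPARQL-style query, in plain Python.
# Every attack, weakness and host name here is hypothetical, not the paper's ontology.
KB = {
    ("SynFlood", "type", "DDoSAttack"),
    ("SynFlood", "requires", "OpenTcpService"),    # prerequisite of the attack
    ("SynFlood", "exploits", "CWE-400"),           # weakness class it abuses
    ("UdpAmplification", "type", "DDoSAttack"),
    ("UdpAmplification", "requires", "OpenUdpReflector"),
    ("webhost", "type", "Host"),                   # a direct (manual) user input
    ("webhost", "hasWeakness", "OpenTcpService"),
    ("DDoSAttack", "disjointWith", "Host"),        # ontology axiom
}

def objects(kb, s, p):
    """All o such that (s, p, o) is in kb."""
    return {o for (s2, p2, o) in kb if s2 == s and p2 == p}

def check_consistency(kb):
    """Return (individual, classA, classB) for every individual typed with two
    classes the ontology declares disjoint; an empty list means 'Consistent'."""
    disjoint = {(a, b) for (a, p, b) in kb if p == "disjointWith"}
    return sorted((s, a, b) for (s, p, cls) in kb if p == "type"
                  for (a, b) in disjoint if cls == a and (s, "type", b) in kb)

def apply_rules(kb):
    """One SWRL-like rule, forward-chained to a fixpoint:
    Host(h) ^ hasWeakness(h,w) ^ DDoSAttack(a) ^ requires(a,w) -> exposedTo(h,a)"""
    inferred = set(kb)
    while True:
        new = {(h, "exposedTo", a)
               for (h, p, w) in inferred if p == "hasWeakness"
               and (h, "type", "Host") in inferred
               for (a, q, w2) in inferred if q == "requires" and w2 == w
               and (a, "type", "DDoSAttack") in inferred} - inferred
        if not new:
            return inferred
        inferred |= new

def detect_plans(kb):
    """Equivalent of SELECT ?h ?a ?cwe WHERE { ?h :exposedTo ?a . ?a :exploits ?cwe },
    run only after the knowledge base passed the consistency check."""
    problems = check_consistency(kb)
    if problems:
        raise ValueError(f"inconsistent knowledge base: {problems}")
    full = apply_rules(kb)
    return sorted((h, a, cwe) for (h, p, a) in full if p == "exposedTo"
                  for cwe in objects(full, a, "exploits"))

if __name__ == "__main__":
    print(detect_plans(KB))   # [('webhost', 'SynFlood', 'CWE-400')]
```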