Physics

Inference

Resilience (materials science)

Inference engine

Application layer DDoS attack

The Internet

Epistemology

World Wide Web

Philosophy

Artificial intelligence

Ontology

Denial-of-service attack

Computer science

Computer security

Thermodynamics

In this paper, we propose an intelligent DDoS detection and response framework. It employs a Security Information and Event Management (SIEM) tool to detect different types of DDoS attacks using its incident detection engine. Additionally, it has an inference engine to automatically infer potential countermeasures to respond to and recover from DDoS attacks. The inference system continuously reasons for each reported incident and provides suggestions to keep the system stable. We model explicit knowledge of an IT-dependent organization at a high-level using ontologies for the organization, IT, security, and DDoS attacks. We demonstrate the connections of these ontologies with the inference system and a SIEM. This paper is a part of ongoing research for securing the maritime port ecosystem. The proposed framework not only automates the detection of DDoS attacks but also supports the implementation of automatic countermeasures. The framework can be used as a guide for cyber attack resilience in IT-dependent organizations by preventing, detecting, responding to and recovering from different types of cyber attacks.

A Framework For Intelligent DDoS Attack Detection and Response using SIEM and Ontology