According to Internet World Stats, roughly 1/3 of the Earth’s population has access to the internet. With the penetration rate rapidly increasing, it naturally means that not only private users are active online but also an increasing number of businesses. With more users and businesses connected to the internet, there is a growing risk of intrusions and other complications. In this context, intrusion detection systems are becoming more and more important.
Applications and software that help users to protect their computing and communication equipment from viruses and malware constitute an important research topic. Ontology has proven to be useful for detecting intrusion, as it offers possibilities to analyse patterns that intruders are generating and to detect previously unknown attack methods [188].
Dai et al. [78] observe that hackers tend to be one step ahead of all security systems, creating an endless circle of data losses and a constant demand for new software to fix the previous errors. As hackers and their methods are adaptive, behaviour-based approaches have gained increasing interest from the defending side. These approaches are more effective when dealing with previously unknown attacks [12, 150].
Malware is the common term used for describing software that performs attacks on computers and simultaneously implements different techniques to avoid being detected by intrusion detection software. Wagener et al. [289] propose a possible solution to this problem; they apply similarity and distance measures on malware behaviour to create a better classification of the malware. Comparisons of similarity and distance measures for identifying malware have also been carried out, e.g. by [9]. Due to the complexity of malware, fuzzy ontology is a promising approach for aiding with intrusion detection tasks by utilizing expert knowledge.
7.2.1 Financial institutions
A financial institution offers financial services, working as an intermediary by providing, for instance, loans, deposits, currency exchanges and investments. Banks and insurance companies are examples of financial institutions. The institutions hold sensitive data and also significant amounts of monetary funds, which make them attractive targets for cyber-attacks.
It has to be noted that not all intrusion attempts are conducted for personal gain, such as stealing funds, but rather as a challenge for achieving credibility in online communities or getting noticed by the global media. The financial institutions are attractive targets for this purpose, as people tend to react when their savings are “in danger”; the security systems protecting the institutions are challenging to break, and the hackers who manage to break them deserve some credit. Recently, there has been a global increase in attacks directed towards financial institutions. As these institutions can be considered prime targets on a nationwide scale, the threat of cyber terrorism cannot be overlooked [147, 222].
In other words, there is a high risk that intrusion attacks are directed towards the financial sector [237]. Reports indicate that bank website outage hours are increasing every month and that more and more online banking fraud occurs. An old but still active financial malware is called Zeus. It was first noticed in 2006, and since then it has been re-modelled and re-customized several times, so that each version requires more preventive work by the security systems. Currently, there is even a market for trading “plug-ins” created for Zeus and, naturally, this malware is not the only one available. Recently, there have been several publications about preventing different types of attacks specifically aimed at the financial sector [178, 236].
7.2.2 Fuzzy Ontology For Intrusion/Malware Detection
Lately, there has been an increase in using ontologies for the purpose of intrusion and malware detection. Undercoffer et al. [282] constructed an ontology for intrusion detection in the context of computer attacks, using the DAML+OIL ontology modelling language (a precursor to OWL). Simmonds et al. [257] developed an ontology to defend against attacks aimed at networks and emphasized that one should also prepare for the consequences of a successful attack and find out how the designed system should react in that scenario.
With the rapid development of mobile devices, a completely new field was created that is vulnerable to intrusions and malware. Chiang and Tsaur [70] took the first steps towards implementing ontologies also for protecting mobile devices. They modelled an ontology based on the behaviours of known mobile malware. Hung et al. [151] created an extensive intrusion detection (ID) ontology, which also included a feature allowing users to model the ontology application on a conceptual level. This broadens the possible range of users, meaning that even non-expert users could contribute to intrusion detection.
However, it has been stated several times that traditional, non-fuzzy ontologies are not suitable to deal with imprecise and vague knowledge [148, 198]. Avoiding imprecise data in the online world is close to impossible, and hence the introduction of fuzzy ontologies is gaining increased interest in the research community [46, 89, 274]. Huang et al. [148–150] developed an Interval Type-2 Fuzzy Set ontology as a novel approach to malware behaviour analysis (MiT). They aim to find possible solutions to the problem of imprecise data and behavioural patterns. Using the Fuzzy Markup Language and the Web Ontology Language, they managed to create a fully operational system, which is able to analyse collected data and to extract behaviour information. Tafazzoli et al. [273] created a fuzzy malware ontology designed for the Semantic Web. The ontology represents relevant concepts inherent in the malware field. The relationships between different malware are modelled with the help of fuzzy linguistic terms, such as “weak relation” and “very good relation”. Considering that it was created with the Semantic Web in mind, it can be used to share information online.
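As an added illustration (not code from any of the surveyed papers) of how the behaviour-similarity idea attributed to Wagener et al. above and the fuzzy linguistic relation terms of Tafazzoli et al. fit together: a crisp similarity between two samples' observed behaviour sets is mapped onto graded membership in linguistic relation terms. The sample names, behaviour labels, the extra term “moderate relation” and the membership function breakpoints are constructed assumptions.

```python
"""Added example: crisp behaviour similarity between malware samples mapped
onto fuzzy linguistic relation terms. Sample names, behaviour labels and the
membership function shapes are constructed assumptions for illustration."""
from typing import Dict, FrozenSet, Tuple

# Constructed behaviour profiles: the set of behaviours observed for each
# sample in a hypothetical sandbox run (not from any real report).
PROFILES: Dict[str, FrozenSet[str]] = {
    "sample_a": frozenset({"registry_autorun", "http_beacon", "keylog", "inject_browser"}),
    "sample_b": frozenset({"registry_autorun", "http_beacon", "keylog", "form_grab"}),
    "sample_c": frozenset({"file_encrypt", "delete_shadow_copies", "ransom_note"}),
}

# Linguistic terms as trapezoids (a, b, c, d) over the similarity axis [0, 1].
# "weak relation" and "very good relation" are the terms named in the text;
# "moderate relation" and all breakpoints are assumptions of this example.
TERMS: Dict[str, Tuple[float, float, float, float]] = {
    "weak relation": (0.0, 0.0, 0.2, 0.5),
    "moderate relation": (0.2, 0.5, 0.5, 0.8),
    "very good relation": (0.5, 0.8, 1.0, 1.0),
}

def jaccard(a: FrozenSet[str], b: FrozenSet[str]) -> float:
    """Crisp similarity of two behaviour sets: |A & B| / |A | B|, in [0, 1]."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)

def trapezoid(x: float, a: float, b: float, c: float, d: float) -> float:
    """Trapezoidal membership; a == b or c == d yields a shoulder at the edge."""
    if b <= x <= c:
        return 1.0
    if a < x < b:
        return (x - a) / (b - a)
    if c < x < d:
        return (d - x) / (d - c)
    return 0.0

def fuzzy_relation(s1: str, s2: str) -> Dict[str, float]:
    """Membership degree of the pair (s1, s2) in each linguistic relation term."""
    sim = jaccard(PROFILES[s1], PROFILES[s2])
    return {term: trapezoid(sim, *shape) for term, shape in TERMS.items()}

def dominant_term(s1: str, s2: str) -> str:
    """The linguistic relation term with the highest membership for the pair."""
    degrees = fuzzy_relation(s1, s2)
    return max(degrees, key=degrees.get)
```

The two banking-style samples share three of five behaviours (similarity 0.6) and land mostly in “moderate relation”, while the ransomware-style sample shares nothing with them and is fully a “weak relation”.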
As can be seen, there are a fair number of positive results from implementing fuzzy ontologies. It is therefore justified to state that further research is needed on how fuzzy ontologies can benefit the work on intrusion detection.