Intrusion Detection based on Ontology Modeling and Alert Correlation for RFID Malware Attacks
Academic Article
Publication Date:
2011
Abstract:
RFID malware is one of the recently emerging security attacks against RFID systems. This research aims to integrate the principles of alert correlation and ontology modelling into the intrusion detection paradigm in order to detect this kind of attack. The proposed approach relies on three key points: i) heterogeneous sensors distributed throughout the RFID infrastructure; ii) an alert model, formalized by means of an ontology, to represent the knowledge for reasoning about complementary alert evidence; iii) an alert correlation procedure, based on the ontology, to enhance the monitoring coverage and provide a comprehensive view of relevant symptoms indicating real potential attacks. The approach is implemented in an intrusion detection system operating in real time at the middleware layer in order to detect attacks and limit further damage. Experimental tests are reported as proof of the feasibility of the methodology for detecting malware in RFID systems.
Iris type:
01.01 Journal article
Keywords:
Alert Correlation; Ontology; RFID malware; Intrusion Detection
List of contributors:
Esposito, Massimo
Published in: