论文信息 - Using Ontologies to Quantify Attack Surfaces

Using Ontologies to Quantify Attack Surfaces

Cyber security remains one of the most serious challenges to national security and the economy that we face today. Systems employing well known but static defenses are increasingly vulnerable to penetration from determined, diverse, and well resourced adversaries launching targeted attacks such as Advanced Persistent Threats (APTs). Due to the heavy focus on cyber security technologies in both commercial and government environments over the last decade, an overwhelming array of cyber defense technologies have become available for cyber defenders to use. As the number and complexity of these defenses increase, cyber defenders face the problem of selecting, composing, and configuring them, a process which to date is performed manually and without a clear understanding of integration points and risks associated with each defense or combination of defenses. As shown in Figure 1, the current state-of-the-art approach for selecting and configuring cyber defenses is manual in nature and is often done without a clear understanding of security metrics associated with attack surfaces. Due to the talent Unknown& Security& Metrics Manual&Selection&and& Configuration&of&Cyber&Defenses

[1] Zahid Anwar,et al. Ontology for attack detection: An intelligent approach to web application security , 2014, Comput. Secur..

[2] Malek Ben Salem,et al. Enabling New Technologies for Cyber Security Defense with the ICAS Cyber Security Ontology , 2015, STIDS.

[3] Borislava I. Simidchieva,et al. Experimentation Support for Cyber Security Evaluations , 2016, CISRC.

[4] Leo Obrst,et al. Developing an Ontology of the Cyber Security Domain , 2012, STIDS.

[5] Stefan Fenz,et al. Ontological Mapping of Information Security Best-Practice Guidelines , 2009, BIS.

[6] Antanas Cenys,et al. Security Ontology for Adaptive Mapping of Security Standards , 2013, Int. J. Comput. Commun. Control.

[7] Lorrie Faith Cranor,et al. Building an Ontology of Cyber Security , 2014, STIDS.

[8] Cleotilde Gonzalez,et al. Ontology-based Adaptive Systems of Cyber Defense , 2015, STIDS.

[9] Simon N. Foley,et al. Management of security policy configuration using a Semantic Threat Graph approach , 2011, J. Comput. Secur..

[10] Adam Shostack,et al. Threat Modeling: Designing for Security , 2014 .

[11] Sushil Jajodia,et al. Moving Target Defense - Creating Asymmetric Uncertainty for Cyber Threats , 2011, Moving Target Defense.

[12] Mirko Čubrilo,et al. Ontology in Information Security , 2015 .