An Ontology-Driven Approach Applied to Information Security

Software systems have become highly distributed and complex, involving independent components that work together to achieve the system's goals. Meanwhile, security attacks against such systems have become more sophisticated and harder to detect and withstand. In this paper, we argue that collaboration among a system's constituent components is a better way to detect and withstand this new generation of security attacks, including multi-phased distributed attacks and various flooding distributed denial-of-service attacks. To achieve collaborative intrusion detection and defence in distributed environments, the system and its constituent components need a common mechanism for sharing the knowledge they collect about security attacks and countermeasures. We therefore develop and apply security ontologies that serve as a common vocabulary, understandable to both humans and software agents, for sharing and analysing the received information. In particular, several security ontologies are introduced: the security attack ontology, the defence ontology, the asset-vulnerability ontology, the algorithm-standard ontology, and the security function ontology. Finally, we demonstrate the applicability of our approach with a case study illustrating the Mitnick attack.
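The abstract's central claim is that a shared vocabulary lets components pool their partial observations so that a multi-phase attack no single component can see becomes detectable. The following added example (not the paper's code; the ontology class names, the three-phase pattern and the reports are constructed for illustration) sketches that idea: a tiny is-a hierarchy stands in for the attack ontology, and a correlator matches an ordered attack pattern against reports using subsumption, first per component and then across the pooled reports.

```python
from dataclasses import dataclass
# Constructed mini attack ontology (is-a links); names are illustrative, not the paper's.
IS_A = {
    "PortScan": "Reconnaissance",
    "Reconnaissance": "SecurityAttack",
    "SynFlood": "DenialOfService",
    "DenialOfService": "SecurityAttack",
    "SpoofedConnection": "Spoofing",
    "Spoofing": "SecurityAttack",
}

def is_a(concept, ancestor):
    """True if `concept` equals `ancestor` or is a descendant of it."""
    while concept is not None:
        if concept == ancestor:
            return True
        concept = IS_A.get(concept)
    return False

@dataclass(frozen=True)
class Observation:
    component: str  # reporting component
    concept: str    # ontology concept the report is typed with
    time: int       # constructed timestamp (seconds)

def correlate(observations, pattern, window):
    """Match the ordered phases of `pattern` against pooled observations via
    ontology subsumption (a SynFlood report satisfies a DenialOfService phase)."""
    matched = []
    for o in sorted(observations, key=lambda o: o.time):
        if len(matched) == len(pattern):
            break
        if not is_a(o.concept, pattern[len(matched)]):
            continue
        if matched and o.time - matched[0].time > window:
            return None  # phases too far apart to be one campaign
        matched.append(o)
    return matched if len(matched) == len(pattern) else None

# Constructed reports: each component sees only one phase of the campaign.
REPORTS = [
    Observation("firewall", "PortScan", 100),
    Observation("host_a", "SynFlood", 160),
    Observation("host_b", "SpoofedConnection", 175),
    Observation("host_b", "PortScan", 900),  # unrelated later noise
]
MULTI_PHASE = ["Reconnaissance", "DenialOfService", "Spoofing"]

def detect_locally(component):  # one component's own reports only
    return correlate([o for o in REPORTS if o.component == component], MULTI_PHASE, 300)

def detect_collaboratively():  # reports pooled through the shared vocabulary
    return correlate(REPORTS, MULTI_PHASE, 300)
```

No component on its own matches the pattern, while the pooled reports do; the window parameter is the knob a defender would tune to trade missed slow campaigns against false correlations.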
