OWL Ontologies in Cybersecurity: Conceptual Modeling of Cyber-Knowledge

Network vulnerability checking, automated cyberthreat intelligence, and real-time cybersituational awareness require task automation that benefits from formally described conceptual models. Knowledge organization systems, including controlled vocabularies, taxonomies, and ontologies, can provide the network semantics needed to turn raw network data into valuable information for cybersecurity specialists. The formal knowledge representation of cyberspace concepts and properties, in the form of upper and domain ontologies that capture the semantics of network topologies and devices, information flow, vulnerabilities, and cyberthreats, can be used for application-specific, situation-aware querying and for knowledge discovery via automated reasoning. The resulting structured data can support network monitoring, cybersituational awareness, anomaly detection, vulnerability assessment, and cybersecurity countermeasures.
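To make the abstract's claim concrete (a formal model of hosts, services, and vulnerabilities over which a reasoner derives new facts that can then be queried), here is an added, self-contained illustration that is not part of the paper and uses none of its ontologies. It stands in for an OWL reasoner and SPARQL engine with a deliberately small in-memory triple store, a handful of forward-chaining rules (two RDFS class-hierarchy entailments, one OWL symmetric-property entailment, and two domain rules of the kind a network ontology would express as property chains), and a basic graph-pattern matcher. All class, property and individual names, including the vulnerability identifier, are constructed for the example.

```python
from collections import defaultdict
from itertools import product

# Constructed sample knowledge base (not taken from the paper). Triples are
# (subject, predicate, object); TBOX is the schema, ABOX the observed facts.
TBOX = [
    ("WebServer", "subClassOf", "Service"),
    ("Service", "subClassOf", "NetworkAsset"),
    ("Host", "subClassOf", "NetworkAsset"),
    ("connectedTo", "type", "SymmetricProperty"),
]
ABOX = [
    ("web01", "type", "Host"),
    ("db01", "type", "Host"),
    ("nginx-web01", "type", "WebServer"),
    ("web01", "runsService", "nginx-web01"),
    # "VULN-EXAMPLE-1" is a constructed identifier, not a real CVE.
    ("nginx-web01", "hasVulnerability", "VULN-EXAMPLE-1"),
    ("VULN-EXAMPLE-1", "severity", "high"),
    ("web01", "connectedTo", "db01"),
]


def index(triples):
    """Index (subject, object) pairs by predicate for quick rule lookups."""
    by_pred = defaultdict(set)
    for s, p, o in triples:
        by_pred[p].add((s, o))
    return by_pred


def apply_rules(triples):
    """One forward-chaining round; returns only triples not already known."""
    idx = index(triples)
    new = set()
    # rdfs11: subClassOf is transitive
    for (c, d), (d2, e) in product(idx["subClassOf"], repeat=2):
        if d == d2:
            new.add((c, "subClassOf", e))
    # rdfs9: an instance of a subclass is an instance of its superclass
    for (x, c), (c2, d) in product(idx["type"], idx["subClassOf"]):
        if c == c2:
            new.add((x, "type", d))
    # owl:SymmetricProperty: (a p b) entails (b p a)
    for p in {s for s, o in idx["type"] if o == "SymmetricProperty"}:
        for a, b in idx[p]:
            new.add((b, p, a))
    # domain rule (property chain): runsService o hasVulnerability -> exposedTo
    for (h, s), (s2, v) in product(idx["runsService"], idx["hasVulnerability"]):
        if s == s2:
            new.add((h, "exposedTo", v))
    # domain rule: hosts connected to an exposed host are flagged for awareness
    for (h, v), (h2, n) in product(idx["exposedTo"], idx["connectedTo"]):
        if h == h2:
            new.add((n, "adjacentToExposedHost", h))
    return new - triples


def saturate(triples):
    """Apply the rules until no new triple is derived (the deductive closure)."""
    kb = set(triples)
    while True:
        derived = apply_rules(kb)
        if not derived:
            return kb
        kb |= derived


def match(kb, pattern):
    """Basic graph pattern matching; terms starting with '?' are variables.
    Returns one binding dict per solution, like a SPARQL SELECT result row."""
    bindings = [{}]
    for tp in pattern:
        next_bindings = []
        for b in bindings:
            for triple in kb:
                b2, ok = dict(b), True
                for term, val in zip(tp, triple):
                    if term.startswith("?"):
                        if b2.setdefault(term, val) != val:
                            ok = False
                            break
                    elif term != val:
                        ok = False
                        break
                if ok:
                    next_bindings.append(b2)
        bindings = next_bindings
    return bindings


def build_kb():
    return saturate(TBOX + ABOX)


def types_of(kb, individual):
    return {o for s, p, o in kb if s == individual and p == "type"}


def exposed_hosts(kb):
    """Hosts exposed to a high-severity vulnerability (derived, not asserted)."""
    rows = match(kb, [("?h", "exposedTo", "?v"), ("?v", "severity", "high")])
    return sorted({(r["?h"], r["?v"]) for r in rows})


def hosts_adjacent_to_exposed(kb):
    rows = match(kb, [("?n", "adjacentToExposedHost", "?h")])
    return sorted({(r["?n"], r["?h"]) for r in rows})


if __name__ == "__main__":
    kb = build_kb()
    print("exposed hosts:", exposed_hosts(kb))
    print("adjacent to exposed hosts:", hosts_adjacent_to_exposed(kb))
```

The point of the example is that none of the answers are stored as facts: `exposedTo` and `adjacentToExposedHost` exist only because the reasoner chains the asserted triples through the rules, and `nginx-web01` becomes a `NetworkAsset` purely from the class hierarchy. A production system would express the same schema in OWL, run a standards-compliant reasoner, and query with SPARQL, but the division of labour (schema, facts, entailment, query) is the one the abstract describes.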
