Chapter

Cyber Defense and Situational Awareness

Volume 62 of the series Advances in Information Security pp 167-199

Date:

Inference and Ontologies

  • Brian E. UlicnyAffiliated withVIStology, Inc. Email author 
  • , Jakub J. MoskalAffiliated withVIStology, Inc.
  • , Mieczyslaw M. KokarAffiliated withNortheastern University
  • , Keith AbeAffiliated withReferentia Systems Incorporated
  • , John Kei SmithAffiliated withLiveAction

* Final gross prices may vary according to local VAT.

Get Access

Abstract

The importance of visualization—discussed in the previous chapter—does not diminish the critical role that algorithmic analysis plays in achieving CSA. Algorithms reason about the voluminous observations and data about the network and infer important features of the situation that help analysts and decision-makers form their situational awareness. In order to perform this inference, and to make its output useful to other algorithms and human users, an algorithm needs to have its inputs and outputs represented in a consistent vocabulary of well-specified terms and their relations, i.e., it needs an ontology with a clear semantics and a standard. This topic is the focus of the present chapter. We already touched on the importance of semantics in the Cognition and Technology chapter. Now we discuss in detail how, in cyber operations, inference based on ontology can be used to determine the threat actor, the target and purpose in order to determine potential courses of action and future impact. Since a comprehensive ontology for cyber security does not exist, we show how such an ontology can be developed by taking advantage of existing cyber security related standards and markup languages.