Advertisement

An Ontology for Network Security Attacks

  • Andrew Simmonds
  • Peter Sandilands
  • Louis van Ekert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3285)

Abstract

We first consider network security services and then review threats, vulnerabilities and failure modes. This review is based on standard texts, using well-known concepts, categorizations, and methods, e.g. risk analysis using asset-based threat profiles and vulnerability profiles (attributes). The review is used to construct a framework which is then used to define an extensible ontology for network security attacks. We present a conceptualization of this ontology in figure 1.

Keywords

network cyber security ontology attack threat vulnerability failure 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Alberts, C., Dorofee, A.: OCTAVE Threat Profiles. Carnegie Mellon Software Engineering Institute, Pittsburgh, PA 15213, USA., Available from http://www.cert.org/archive/pdf/OCTAVEthreatProfiles.pdf [accessed April 12, 2004]
  2. Krsul, A., Spafford: A Taxonomy of Security Faults. Purdue University COAST Lab (1996), Available from: http://www.cerias.purdue.edu/about/history/coast/coast-library.html [accessed March 28, 2004]
  3. Cates, S.: The Art of Hacking. TRIPWIRE Security Industry Seminar, July 28th (2003), Available from: http://www.tripwire.com/events/archived_webcasts/ [accessed March 28, 2004]
  4. DAML, list of ontologies from, http://www.daml.org/ontologies/keyword.html [accessed August 19, 2004]
  5. Denker, G., et al.: Security for DAML Web Services: Annotation and Matchmaking. In: Proceedings, Second International Semantic Web Conference (September 2003)Google Scholar
  6. Kagal, L., Finin, T., Joshi, A.: A Policy Based Approach to Security for the Semantic Web. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003. LNCS, vol. 2870, pp. 402–418. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. Kagal, L., et al.:Authorization and Privacy for Semantic Web Services. In: Proceedings, First International Semantic Web Services Symposium, AAAI 2004 Spring Symposium (March 2004)Google Scholar
  8. Knight, E.: Computer Vulnerabilities (2000), Available e.g. from: http://www.fi.upm.es/~flimon/compvuln_draft.pdf [accessed March 28, 2004]
  9. McGuiness, D.: Knowledge Systems Laboratory, Stanford University, Ontologies come of age. In: Fensel, et al. (eds.) Spinning the Semantic Web: Bringing the World Wide Web to Its Full Potential, MIT Press, Cambridge (2002), Available from http://www.ksl.stanford.edu/people/dlm/papers/ontologis-come-of-age-mit-press-withcitation.htm [accessed June 6, 2004]
  10. Schneier, B.: Interviewed for the Atlantic Monthly by Mann, Charles, Homeland Insecurity (September 2002), Available from http://www.theatlantic.com/issues/2002/09/mann.htm [accessed April 12, 2004]
  11. Stallings, W.: Network Security Essentials: Applications and Standards. Prentice-Hall Inc., New Jersey (2000)Google Scholar
  12. Tzu, S.: (400 – 320 BC ) On the Art of War. Translated by Lionel Giles (1910), Available from: http://www.kimsoft.com/polwar.htm [accessed March 28, 2004]
  13. Wilson, B.: The OCTAVE Methodology for Self-Directed Risk Assessment. Carnegie Mellon Software Engineering Institute, Pittsburgh, PA 15213, USA. (2002), Available from http://www.fedcirc.gov/library/presentations/octave.pdf [accessed April 12, 2004]

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Andrew Simmonds
    • 1
  • Peter Sandilands
    • 1
  • Louis van Ekert
    • 1
  1. 1.Faculty of ITUniversity of Technology SydneyBroadwayAustralia

Personalised recommendations