Inference and Ontologies

  • Brian E. Ulicny
  • Jakub J. Moskal
  • Mieczyslaw M. Kokar
  • Keith Abe
  • John Kei Smith
Chapter
First Online:
Part of the Advances in Information Security book series (ADIS, volume 62)

Abstract

The importance of visualization—discussed in the previous chapter—does not diminish the critical role that algorithmic analysis plays in achieving CSA. Algorithms reason about the voluminous observations and data about the network and infer important features of the situation that help analysts and decision-makers form their situational awareness. In order to perform this inference, and to make its output useful to other algorithms and human users, an algorithm needs to have its inputs and outputs represented in a consistent vocabulary of well-specified terms and their relations, i.e., it needs an ontology with a clear semantics and a standard. This topic is the focus of the present chapter. We already touched on the importance of semantics in the Cognition and Technology chapter. Now we discuss in detail how, in cyber operations, inference based on ontology can be used to determine the threat actor, the target and purpose in order to determine potential courses of action and future impact. Since a comprehensive ontology for cyber security does not exist, we show how such an ontology can be developed by taking advantage of existing cyber security related standards and markup languages.

Keywords

Intrusion Detection Situational Awareness Formal Semantic Inference Engine Model Drive Architecture 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in to check access

References

  1. Anagnostopoulos, E. et al. Vol. 418. Studies in Computational Intelligence. Springer Berlin Heidelberg, 2013, pp. 319–360. isbn: 978-3-642-28976-7. doi: 10 . 1007 / 978 - 3 - 642 - 28977 - 4 _ 12. url: http://dx.doi.org/10.1007/978-3-642-28977-4_12Google Scholar
  3. Atkinson, S.R., Beaulne, K., Walker, D., and Hossain, L. “Cyber – Transparencies, Assurance and Deterrence”, International Conference on Cyber Security, 2012Google Scholar
  4. Baader, F., McGuinness, D. L., Nardi, D., and Patel-Schneider, P. F. (Eds.). (2010) The Description Logic Handbook: Theory, Implementation and Applications. Cambridge University Press.Google Scholar
  5. Barwise, J., Perry, J. (1983) Situations and Attitudes. Cambridge, MA: MIT Press.Google Scholar
  6. Bedini, I. et al. “Transforming XML Schema to OWL Using Patterns”. In: Semantic Computing (ICSC), 2011 Fifth IEEE International Conference on. 2011a, pp. 102–109. doi:  10.1109/ICSC.2011.77
  7. Bedini, I., Matheus, C., Patel-Schneider, P. F., and Boran, A. Transforming XML Schema to OWL Using Patterns. ICSC '11 Proceedings of the 2011 IEEE Fifth International Conference on Semantic Computing, Pages 102-109, 2011b.Google Scholar
  8. Bikakis, N. et al. “The XML and Semantic Web Worlds: Technologies, Interoperability and Integration: A Survey of the State of the Art”. In: Semantic Hyper/Multimedia Adaptation. Ed. by IoannisGoogle Scholar
  9. Bohring, H., and Auer, S. “Mapping XML to OWL Ontologies.” In: Leipziger Informatik-Tage 72 (2005), pp. 147–156.Google Scholar
  10. Bouet, M., and Israel, M. “INSPIRE Ontology Handler: automatically building and managing a knowledge base for Critical Information Infrastructure Protection”, 12th IFIP/IEEE IM, 2011.Google Scholar
  11. Boyd, J. A discourse on winning and losing. Technical report, Maxwell AFB, 1987.Google Scholar
  12. Bradshaw, J. M., Carvalho, M., Bunch, L., Eskridge, T., Feltovich, P. J., Johnson, M., and Kidwell, D. “Sol: An Agent-Based Framework for Cyber Situation Awareness”, Kunstl Intell, 26:127–140, 2012.CrossRefGoogle Scholar
  13. Brank, J., Grobelnik, M., and Mladenic, D. A survey of ontology evaluation techniques. In In Proceedings of the Conference on Data Mining and Data Warehouses (SiKDD 2005)Google Scholar
  14. CAPEC – Common Attack Pattern Enumeration and Characterization. http://capec.mitre.org/.
  15. Caton, J. L. “Beyond Domains, Beyond Commons: Context and Theory of Conflict in Cyberspace”, 4th International Conference on Cyber Conflict, 2012.Google Scholar
  16. CCE – Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues. [Online] http://cce.mitre.org/.
  17. Chen, H., and Joshi, A. The SOUPA Ontology for Pervasive Computing. Birkhauser Publishing Ltd., April 2004Google Scholar
  18. Common Vulnerability Scoring System (CVSS-SIG). [Online] http://www.first.org/cvss/.
  19. CPE – Common Platform Enumeration. [Online] http://cpe.mitre.org/.
  20. CVE – Common Vulnerabilities and Exposures. [Online] http://cve.mitre.org/.
  21. CWE – Common Weakness Enumeration. National Vulnerability Database, http://nvd.nist.gov/cwe.cfm.
  22. CWE – Common Weakness Enumeration. http://cwe.mitre.org
  23. CybOX – Cyber Observable eXpression. http://cybox.mitre.org
  24. D’Amico, A., Buchanan, L., Goodall, J., and Walczak, P. “Mission Impact of Cyber Events: Scenarios and Ontology to Express the Relationships between Cyber Assets, Missions and Users”, International Conference on i-Warfare and Security (ICIW), The Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio, USA, 2010.Google Scholar
  25. de Barros Barreto, A., Costa, P. C. G., and Yano, E. T. Using a Semantic Approach to Cyber Impact Assessment. STIDS, 2013.Google Scholar
  26. Doerr, M., Ore, C.-E., and Stead, S. The CIDOC conceptual reference model: a new standard for knowledge sharing. In Conceptual modeling, pages 51–56. Australian Computer Society, Inc., 2007. ISBN 978-1-920682-64-4.Google Scholar
  27. Dumontier, M. SemanticScience wiki: ODPMereotopology. https://code.google.com/p/semanticscience/wiki/ODPMereotopology. Updated Nov 27, 2013.
  28. Endsley, M. (1995). “Toward a theory of situation awareness in dynamic systems”. Human Factors 37(1), 32-64.CrossRefGoogle Scholar
  29. Fenza, G., Furno, D., Loia, V., and Veniero, M. “Agent-based Cognitive approach to Airport Security Situation Awareness”, International Conference on Complex, Intelligent and Software Intensive Systems, 2010.Google Scholar
  30. Ferdinand, M., Zirpins, C., and Trastour, D. “Lifting XML Schema to OWL”. In: Web Engineering. Ed. by Nora Koch, Piero Fraternali, and Martin Wirsing. Vol. 3140. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2004, pp. 354–358. isbn: 978-3-540-22511-9. doi: 10. 1007/978-3-540-27834-4_44. http://dx.doi.org/10.1007/978-3-540-27834-4_44.Google Scholar
  31. Francois, A. R. J., Nevatia, R., Hobbs, J., and Bolles, R. C. VERL: An ontology framework for representing and annotating video events. IEEE MultiMedia, 12(4), 2005.Google Scholar
  32. GeoNames Ontology – Geo Semantic Web. http://www.geonames.org/ontology/documentation.html.
  33. Goodall, J. R., D’Amico, A., and Kopylec, J. K. “Camus: Automatically Mapping Cyber Assetts to Missions and Users”, IEEE Military Communications Conference, MILCOM 2009, pp.1-7, 2009.Google Scholar
  34. Gruber, T. Ontology. In Ling Liu and M. Tamer Ozsu, editors, The Encyclopedia of Database Systems, pages 1963–1965. Springer, 2009.Google Scholar
  35. Herzog, A., Shahmehri, N., and Duma, C. “An Ontology of Information Security,” IGI Global, 2007, pp. 1-23.Google Scholar
  36. Hobbs, J. R., and Pan, F. An Ontology of Time for the Semantic Web. CM Transactions on Asian Language Processing (TALIP): Special issue on Temporal Information Processing. 2004. Vol. 3, 1, pp. 66-85.Google Scholar
  37. Horrocks, I., and Sattler, U. The effect of adding complex role inclusion axioms in description logics. In Proc. of the 18th Int. Joint Conf. on Artificial Intelligence (IJCAI 2003), pages 343–348. Morgan Kaufmann, Los Altos, 2003.Google Scholar
  38. Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research, 1, 80.Google Scholar
  39. IODEF – Cover Pages Incident Object Description and Exchange Format. http://xml.coverpages.org/iodef.html.
  40. IPTC International Press Telecommunications Council, London, UK. EventML, 2008. http://iptc.org/.
  41. jsoup: Java HTML Parser. http://jsoup.org/
  42. Kang, W., and Liang, Y. “A Security Ontology with MDA for Software Development”, International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, 2013.Google Scholar
  43. Khairkar, A. D., Kshirsagar, D., and Kumar, S. “Ontology for Detection of Web Attacks”, International Conference on Communication Systems and Network Technologies, 2013.Google Scholar
  44. Kim, H. M., Biehl, M., and Buzacott, J. A. “M-CI2: Modelling Cyber Interdependencies between Critical Infrastructures”, 3rd IEEE International Conference on Industrial Informatics (INDIN), 2005.Google Scholar
  45. Kokar, M. M., Matheus, C. J., and Baclawski, K. Ontology-based situation aware- ness. Inf. Fusion, 10(1):83–98, 2009. ISSN 1566-2535. doi: http://dx.doi.org/10. 1016/j.inffus.2007.01.004. Google Scholar
  46. Lin, F. Handbook of Knowledge Representation, chapter Situtation Calculus. El- sevier, 2008Google Scholar
  47. MAEC – Malware Attribute Enumeration and Characterization. http://maec.mitre.org/.
  48. Matheus, C. J., Kokar, M. M., and Baclawski, K. A core ontology for situation awareness; Cairns, Australia. In Information Fusion, pages 545–552, July 2003.Google Scholar
  49. Matheus, C. J., Kokar, M. M., Baclawski, K., and Letkowski, J. An application of semantic web technologies to situation awareness. In International Semantic Web Conference, volume 3729 of LNCS, pages 944–958. Springer, 2005.Google Scholar
  50. Matheus, C., Baclawski, K., and Kokar, M. (2006). BaseVISor: A Triples-Based Inference Engine Outfitted to Process RuleML and R-Entailment Rules. In Proceedings of the 2nd International Conference on Rules and Rule Languages for the Semantic Web, Athens, GA.Google Scholar
  51. McMorrow, D. Science of Cyber-Security. Technical Report, JSR-10-102, The MITRE Corporation, 2010.Google Scholar
  52. More, S., Matthews, M., Joshi, A., Finin, T. “A Knowledge-Based Approach To Intrusion Detection Modeling”, IEEE Symposium on Security and Privacy Workshops, 2012.Google Scholar
  53. Mueller, E. T. Handbook of Knowledge Representation, chapter Event Calculus. Elsevier, 2008Google Scholar
  54. Mundie, D. A., and McIntire, D. M. “The MAL: A Malware Analysis Lexicon”, Technical Note, CMU/SEI-2013-TN-010, Software Engineering Institute, 2013.Google Scholar
  55. NIST. National Vulnerability Database Version 2.2. http:// http://nvd.nist.gov/Google Scholar
  56. Obrst, L., Ceusters, W., Mani, I., Ray, S., and Smith, B. The evaluation of ontologies. In ChristopherJ.O. Baker and Kei-Hoi Cheung, editors, Semantic Web, pages 139–158. Springer US, 2007.Google Scholar
  57. Obrst, L., Chase, P., & Markeloff, R. (2012). Developing an ontology of the cyber security domain. Proceedings of Semantic Technologies for Intelligence, Defense, and Security (STIDS), 49-56.Google Scholar
  58. Okolica, J. S., McDonald, T., Peterson, G. L., Mills, R. F., and Haas, M. W. Developing Systems for Cyber Situational Awareness. Proceedings of the 2nd Cyberspace Research Workshop, Shreveport, Louisiana, USA, 2009.Google Scholar
  59. Oltramari, A., Lebiere, C., Vizenor, L., Zhu, W., and Dipert, R. “Towards a Cognitive System for Decision Support in Cyber Operations”, STIDS, 2013.Google Scholar
  60. OVAL – Open Vulnerability and Assessment Language. [Online] http://oval.mitre.org/.
  62. Parmelee, M. Toward an Ontology Architecture for Cyber- Security Standards. George Mason University, Fairfax, VA : Semantic Technologies for Intelligence, Defense, and Security (STIDS) 2010Google Scholar
  63. Raimond, Y., and Abdallah, S. The event ontology, October 2007. http://motools.sf.net/event
  64. RDF: Resource Description Framework. W3C. http://www.w3.org/RDF/
  65. Rodrigues, T., Rosa, P., and Cardoso, J. “Mapping XML to Existing OWL ontologies”. In: International Conference WWW/Internet. Citeseer. 2006, pp. 72–77.Google Scholar
  66. SCAP – Security Content Automation Protocol. NIST. [Online] http://scap.nist.gov/.
  67. Scherp, A., Franz, T., Saathoff, C., and Staab, S. F–a model of events based on the foundational ontology DOLCE+DnS Ultralight. In Conference on Knowledge Capture, pages 137–144, New York, NY, USA, 2009. ACM. ISBN 978-1-60558-658-8. doi: http://doi.acm.org/10.1145/1597735.1597760.Google Scholar
  68. Security Intelligence. Defining APT Campaigns. SANS Digital Forensics and Incident Response, http://digital-forensics.sans.org/blog/2010/06/21/security-intelligence-knowing-enemy/
  69. Shen, Z., Ma, K.-L., and Eliassi-Rad, T. Visual analysis of large heterogeneous social networks by semantic and structural abstraction. Visualization and Computer Graphics, IEEE Transactions on, 12(6):1427–1439, 2006.Google Scholar
  70. Sheth, A. Can Semantic Web techniques empower comprehension and projection in Cyber Situational Awareness? ARO Workshop, Fairfax, VA, 2007.Google Scholar
  71. Singhal, A., and Wijesekera, D. 2010. Ontologies for modeling enterprise level security metrics. In Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research (CSIIRW ’10), Frederick T. Sheldon, Stacy Prowell, Robert K. Abercrombie, and Axel Krings (Eds.). ACM, New York, NY, USA, Article 58, 3 pages. DOI=10.1145/1852666.1852731 http://doi.acm.org/10.1145/1852666.1852731Google Scholar
  72. Stewart, J. (2013). Chasing APT. Dell SecureWorks Counter Threat Unit™ Threat Intelligence. 23 July 2012. http://www.secureworks.com/research/threats/chasing_apt/
  73. STIX – Structured Threat Information eXpression. “A Structured Language for Cyber Threat Intelligence Information”. http://stix.mitre.org
  74. Strasburg, C., Basu, S., and Wong, J. S. “S-MAIDS: A Semantic Model for Automated Tuning, Correlation, and Response Selection in Intrusion Detection Systems”, IEEE 37th Annual Computer Software and Applications Conference, 2013.Google Scholar
  75. Strassner, J., Betser, J., Ewart, R., and Belz, F. “A Semantic Architecture for Enhanced Cyber Situational Awareness”, Secure& Resilient Cyber Architectures Conference, MITRE, McLean, VA, 2010.Google Scholar
  76. Swimmer, M. Towards An Ontology of Malware Classes. January 27, 2008. http://www.scribd.com/doc/24058261/Towards-an-Ontology-of-Malware-Classes.
  77. The Friend of a Friend (FOAF) project. http://www.foaf-project.org/.
  78. Undercoffer, J., Joshi, A., and Pinkston, J. “Modeling Computer Attacks: An Ontology for Intrusion Detection,” in Proc. 6th Int. Symposium on Recent Advances in Intrusion Detection. Springer, September 2003.Google Scholar
  79. US-CERT. (2013) Alert (TA13-309A) CryptoLocker Ransomware Infections. Original release date: November 05, 2013 | Last revised: November 18, 2013 http://www.us-cert.gov/ncas/alerts/TA13-309A
  80. Vrandečić, D. Ontology evaluation. In Stephen Staab and Rudi Studer, editors, Handbook on Ontologies, International Handbooks on Information Systems, pages 293–313. Springer Berlin Heidelberg, 2009.Google Scholar
  81. W3C. OWL 2 Web Ontology Language Document Overview, 2009. http://www.w3.org/TR/owl2-overview/.
  82. Wali, A., Chun, S. A., and Geller, J. “A Bootstrapping Approach for Developing a Cyber-Security Ontology Using Textbook Index Terms”, International Conference on Availability, Reliability and Security, 2013.Google Scholar
  83. Wang, X. H., Zhang, D. Q., Gu, T., and Pung, H. K. Ontology based context modeling and reasoning using OWL. In Pervasive Computing and Communications Workshops, page 18, Washington, DC, USA, 2004. IEEE. ISBN 0-7695-2106-1Google Scholar
  84. Wang, X., Mamadgi, S., Thekdi, A., Kelliher, A., and Sundaram, H. Eventory – an event based media repository. In Semantic Computing, pages 95–104, Washington, DC, USA, 2007. IEEE. ISBN 0-7695-2997-6.Google Scholar
  85. Westermann, U., and Jain, R. Toward a common event model for multimedia ap- plications. IEEE MultiMedia, 14(1):19–29, 2007.CrossRefGoogle Scholar
  87. Yau, S. S., and Liu, J. Hierarchical situation modeling and reasoning for pervasive computing. In Software Technologies for Future Embedded and Ubiquitous Systems, pages 5–10, Washington, DC, USA, 2006. IEEE. ISBN 0-7695-2560-1.Google Scholar
  88. Ye, J., Coyle, L., Dobson, S., and Nixon, P. Ontology-based models in pervasive computing systems. The Knowledge Engineering Review, 22(4):315–347, 2007.Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Brian E. Ulicny
    • 1
  • Jakub J. Moskal
    • 1
  • Mieczyslaw M. Kokar
    • 2
  • Keith Abe
    • 3
  • John Kei Smith
    • 4
  1. 1.VIStology, Inc.FraminghamUSA
  2. 2.Northeastern UniversityBostonUSA
  3. 3.Referentia Systems IncorporatedHonoluluUSA
  4. 4.LiveActionPalo AltoUSA

Personalised recommendations