Ontological Hybrid Storage for Security Data

  • Igor Kotenko
  • Andrey Chechulin
  • Elena Doynikova
  • Andrey Fedorchenko
Chapter
Part of the Studies in Computational Intelligence book series (SCI, volume 737)

Abstract

The paper investigates different security data sources and analyzes the possibility of their sharing in a uniform data storage on the basis of the ontological approach. An ontological model of the uniform hybrid storage is suggested. A common technique for security data inference based on this approach is developed. The results of experiments with the suggested ontology to construct the security data storage are discussed.

Keywords

Ontology Security data Data sources Data analysis Hybrid storage 

Notes

Acknowledgements

The work is performed by the grant of RSF #15-11-30029 in SPIIRAS.

References

  1. 1.
  2. 2.
    PT Application Firewall. Web. https://www.ptsecurity.com/ww-en/products/af/
  3. 3.
    Kotenko, I., Chechulin, A.: A cyber attack modeling and impact assessment framework. In: 5th International Conference on Cyber Conflict 2013 (CyCon 2013), pp. 119–142 (2013)Google Scholar
  4. 4.
    Kotenko, I., Chechulin, A.: Computer attack modeling and security evaluation based on attack graphs. In: 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, pp. 614–619 (2013)Google Scholar
  5. 5.
    Chechulin, A., Kotenko, I.: Attack tree-based approach for real-time security event processing. Automatic Control Comput. Sci. 49(8), 701–704 (2015). Allerton Press IncCrossRefGoogle Scholar
  6. 6.
    Kotenko, I., Doynikova, E.: Dynamical calculation of security metrics for countermeasure selection in computer networks. In: 24th Euromicro International Conference on Parallel, Distributed and Network-Based Processing, pp. 558–565 (2016)Google Scholar
  7. 7.
    Doynikova, E., Kotenko, I.: Countermeasure selection based on the attack and service dependency graphs for security incident management. In: Lecture Notes in Computer Science (LNCS), vol. 9572, Springer, pp. 107–124 (2016)Google Scholar
  8. 8.
    Fedorchenko, A., Kotenko, I., Chechulin, A.: Design of integrated vulnerabilities database for computer networks security analysis. In: 23th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP 2015), pp. 559–566 (2015)Google Scholar
  9. 9.
    Sufatrio, Yap, R.H.C., Zhong, L.: A machine-oriented integrated vulnerability database for automated vulnerability detection and processing. In: LISA XVIII, pp. 47–58 (2004)Google Scholar
  10. 10.
    Tierney, S.: Knowledge discovery in cyber vulnerability databases. A project report submitted in partial fulfillment of the requirements for the degree of Master of Science (2005)Google Scholar
  11. 11.
    Metasploit official website. Web. https://www.metasploit.com/
  12. 12.
    Elahi, G., Yu, E., Zannone, N.: A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations. In: ER-2009, pp. 99–114. Springer-Verlag (2009)Google Scholar
  13. 13.
    Guo, M., Wang, J.: An ontology-based approach to model common vulnerabilities and exposures in information security. In: 2009 ASEE SE Section Conference, 10 p. (2009)Google Scholar
  14. 14.
    Guo, M., Wang, J.: Security data mining in an Ontology for vulnerability management. In: Conference on Bioinformatics, Systems Biology and Intelligent Computing, pp. 597–603 (2009)Google Scholar
  15. 15.
    Kotenko, I., Saenko, I., Polubelova, O., Chechulin, A.: Design and implementation of a hybrid ontological-relational data repository for SIEM systems. Future Int. 5(3) (2013)Google Scholar
  16. 16.
    Kotenko, I., Saenko, I., Polubelova, O., Doynikova, E.: The ontology of metrics for security evaluation and decision support in SIEM systems. In: 8th International Conference on Availability, Reliability and Security (ARES 2013), pp. 638–645 (2013)Google Scholar
  17. 17.
    Parmelee, M.C.: Toward an ontology architecture for cyber-security standards. In: 2010 Semantic Technology for Intelligence, Defense, and Security Conference, 8 p. (2010)Google Scholar
  18. 18.
    Waltermire, D., Quinn, S., Scarfone, K., Halbardier, A.: The technical specification for the security content automation protocol (SCAP): SCAP version 1.2. 66 p. (2011)Google Scholar
  19. 19.
    Common Vulnerabilities and Exposures (CVE). Web. http://cve.mitre.org
  20. 20.
    Common Configuration Enumeration (CCE). Web. https://nvd.nist.gov/cce/index.cfm
  21. 21.
    Common Platform Enumeration (CPE) official website. Web. https://nvd.nist.gov/cpe.cfm
  22. 22.
    Common Vulnerabilities and Exposures (CVE). Web. https://cve.mitre.org/
  23. 23.
    National Vulnerability Database (NVD) official website. Web. https://nvd.nist.gov
  24. 24.
    Open Source Vulnerability Database (OSVDB) blog. Web. https://blog.osvdb.org/
  25. 25.
    US Computer Emergency Readiness Team (US-CERT). Web. http://www.us-cert.gov/
  26. 26.
    SecurityFocus (BugTraq database) official website. Web. http://securityfocus.com/
  27. 27.
    IBM X-Force exchange project official website. Web. http://xforce.iss.net
  28. 28.
    Common Vulnerability Scoring System (CVSS) official website. Web. https://www.first.org/cvss
  29. 29.
    Common Weakness Enumeration (CWE) official website. Web. https://cwe.mitre.org/
  30. 30.
    ICASI Common Vulnerability Reporting Framework (CVRF) official website. Web. http://www.icasi.org/cvrf/
  31. 31.
    Offensive security’s exploit database archive. Web. https://www.exploit-db.com/
  32. 32.
    Common Attack Pattern Enumeration and Classification (CAPEC) official website. Web. https://capec.mitre.org/
  33. 33.
    Common Remediation Enumeration (CRE) official website. Web. https://scap.nist.gov/specifications/cre/

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Igor Kotenko
    • 1
    • 2
  • Andrey Chechulin
    • 1
    • 2
  • Elena Doynikova
    • 1
    • 2
  • Andrey Fedorchenko
    • 1
    • 2
  1. 1.St. Petersburg Institute for Informatics and Automation of the Russian Academy of SciencesSt. PetersburgRussia
  2. 2.St. Petersburg National Research University of Information Technologies, Mechanics and Optics, ITMO UniversitySaint-PetersburgRussia

Personalised recommendations