OWL Ontologies in Cybersecurity: Conceptual Modeling of Cyber-Knowledge

  • Leslie F. Sikos
Chapter
Part of the Intelligent Systems Reference Library book series (ISRL, volume 151)

Abstract

Network vulnerability checking, automated cyberthreat intelligence, and real-time cybersituational awareness require task automation that benefits from formally described conceptual models. Knowledge organization systems, including controlled vocabularies, taxonomies, and ontologies, can provide the network semantics needed to turn raw network data into valuable information for cybersecurity specialists. The formal knowledge representation of cyberspace concepts and properties in the form of upper and domain ontologies that capture the semantics of network topologies and devices, information flow, vulnerabilities, and cyberthreats can be used for application-specific, situation-aware querying and knowledge discovery via automated reasoning. The corresponding structured data can be used for network monitoring, cybersituational awareness, anomaly detection, vulnerability assessment, and cybersecurity countermeasures.

Keywords

Cyberthreats, Knowledge Organization System (KOS), Domain Ontology, Structured Threat Information eXpression (STIX), Threat Intelligence


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. University of South Australia, Adelaide, Australia