Abstract
Identifying network attacks in real time is becoming increasingly important. Most Artificial Intelligence (AI) applications classify attack types with machine learning; the advantage of an ontological approach is that its underpinning theory is automated reasoning rather than automated learning. Automated reasoners support automated classification, and this capability is the basis for developing an early warning system for active network attacks. In this paper, the authors describe how to employ Semantic Technologies by building an ontology that identifies network attack types: it supports the automated classification of current network attacks by recognising relevant properties, which are then mapped to the attack scenarios depicted in the ontology. The classes and relationships of the ontology are described formally and implemented in Protégé, an ontology editor. The Attack Scenario class, a core class of the ontology, represents types of network attacks, for example a Denial of Service attack. The ontology is evaluated by showing three examples of real attacks that are correctly classified by the presented ontology.
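The abstract describes the classification step as recognising properties of an observed attack and mapping them to the scenarios defined in the ontology, which is what an OWL reasoner does when an individual satisfies the necessary-and-sufficient conditions of a defined class. The script below is an added illustration of that mechanism in plain Python; it is not the chapter's ontology or code. Apart from "Denial of Service", which the abstract names, every scenario, property name, threshold and sample observation is a constructed assumption chosen to show how property-based classification behaves, including the case where an observation matches no scenario and stays unclassified.

```python
"""Toy property-based attack-scenario classifier (added example, not the chapter's ontology).

Each Scenario plays the role of a defined OWL class: an observation is an
instance of the scenario when it has every required property and none of the
excluded ones. derive_properties() stands in for the ontology's property
recognition step. All names and thresholds below are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    required: frozenset[str]                    # properties that must all hold
    excluded: frozenset[str] = frozenset()      # properties that must not hold


# Hypothetical scenario definitions. "Denial of Service" is named in the
# abstract; the others and all property names are constructed for this example.
SCENARIOS: tuple[Scenario, ...] = (
    Scenario("Denial of Service",
             frozenset({"high_request_rate", "target_unresponsive"}),
             frozenset({"many_source_addresses"})),
    Scenario("Distributed Denial of Service",
             frozenset({"high_request_rate", "target_unresponsive",
                        "many_source_addresses"})),
    Scenario("Port Scan",
             frozenset({"many_destination_ports", "single_source_address"})),
)


def derive_properties(observation: dict) -> frozenset[str]:
    """Map raw observation fields to the boolean properties the scenarios are defined over.

    Thresholds are assumptions for the example, not values from the chapter.
    """
    props: set[str] = set()
    sources = observation.get("distinct_sources", 0)
    if observation.get("requests_per_second", 0) >= 1000:
        props.add("high_request_rate")
    if observation.get("target_timeouts", 0) > 0:
        props.add("target_unresponsive")
    if sources >= 100:
        props.add("many_source_addresses")
    if sources == 1:
        props.add("single_source_address")
    if observation.get("distinct_dst_ports", 0) >= 20:
        props.add("many_destination_ports")
    return frozenset(props)


def classify(observation: dict) -> list[str]:
    """Return the names of every scenario whose definition the observation satisfies.

    An empty list means no scenario matched: the observation is an unclassified
    event, which an early-warning system should surface rather than discard.
    """
    props = derive_properties(observation)
    return [s.name for s in SCENARIOS
            if s.required <= props and not (s.excluded & props)]


# Constructed sample observations (not real traffic).
SINGLE_SOURCE_FLOOD = {"requests_per_second": 4000, "target_timeouts": 12, "distinct_sources": 1}
BOTNET_FLOOD = {"requests_per_second": 25000, "target_timeouts": 40, "distinct_sources": 850}
SCAN = {"requests_per_second": 30, "distinct_sources": 1, "distinct_dst_ports": 1024}
BENIGN_BURST = {"requests_per_second": 1500, "target_timeouts": 0, "distinct_sources": 3}

if __name__ == "__main__":
    for label, obs in [("single-source flood", SINGLE_SOURCE_FLOOD), ("botnet flood", BOTNET_FLOOD),
                       ("scan", SCAN), ("benign burst", BENIGN_BURST)]:
        print(f"{label}: {classify(obs) or 'unclassified'}")
```

The `excluded` set is what keeps the two flood scenarios disjoint: without it the botnet flood would satisfy the Denial of Service definition as well, and a reasoner would report both classes. The benign burst has a high request rate but no unresponsiveness, so it satisfies no definition and is reported as unclassified rather than being forced into the nearest scenario.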
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this chapter
van Heerden, R., Leenen, L., Irwin, B. (2021). Description of a Network Attack Ontology Presented Formally. In: Misra, S., Kumar Tyagi, A. (eds) Artificial Intelligence for Cyber Security: Methods, Issues and Possible Horizons or Opportunities. Studies in Computational Intelligence, vol 972. Springer, Cham. https://doi.org/10.1007/978-3-030-72236-4_14
DOI: https://doi.org/10.1007/978-3-030-72236-4_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-72235-7
Online ISBN: 978-3-030-72236-4
eBook Packages: Intelligent Technologies and Robotics (R0)