Abstract
Network vulnerability checking, automated cyberthreat intelligence, and real-time cybersituational awareness require task automation that benefits from formally described conceptual models. Knowledge organization systems, including controlled vocabularies, taxonomies, and ontologies, can provide the network semantics needed to turn raw network data into information that cybersecurity specialists can act on. Formal knowledge representation of cyberspace concepts and properties, in the form of upper and domain ontologies that capture the semantics of network topologies and devices, information flow, vulnerabilities, and cyberthreats, enables application-specific, situation-aware querying and knowledge discovery via automated reasoning. The resulting structured data can be used for network monitoring, cybersituational awareness, anomaly detection, vulnerability assessment, and cybersecurity countermeasures.
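The following is an added example, not code from the chapter or its author, illustrating the pipeline the abstract describes: network knowledge written in Turtle (using the `a` shorthand for rdf:type noted below), a few RDFS/OWL entailment rules applied by a toy forward-chaining reasoner, and a situation-aware query over the inferred graph. The namespace (http://example.org/net#), the class and property names (:NetworkDevice, :connectedTo, :reaches, :exposedTo, :hasVulnerability, :cvssScore), the devices and the vulnerability records are all constructed for this illustration and do not come from the chapter or from any real ontology. A production system would use an OWL reasoner and SPARQL; the point here is to make the inference steps visible.

```python
# Added example, not from the chapter: a Turtle-subset parser, a toy forward-chaining
# RDFS/OWL reasoner and a situation-aware query over a constructed network graph. The
# namespace, the terms (:NetworkDevice, :connectedTo, ...) and the topology are assumptions.
import re

RDF, RDFS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#", "http://www.w3.org/2000/01/rdf-schema#"
OWL, NS = "http://www.w3.org/2002/07/owl#", "http://example.org/net#"  # NS is an assumed namespace
TYPE, SUBCLASS, SUBPROP = RDF + "type", RDFS + "subClassOf", RDFS + "subPropertyOf"
SYMMETRIC, TRANSITIVE = OWL + "SymmetricProperty", OWL + "TransitiveProperty"

SAMPLE_TURTLE = """
@prefix :     <http://example.org/net#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix owl:  <http://www.w3.org/2002/07/owl#> .
# TBox: device taxonomy; adjacency is symmetric and implies transitive reachability
:Server rdfs:subClassOf :NetworkDevice .
:connectedTo a owl:SymmetricProperty ; rdfs:subPropertyOf :reaches .
:reaches a owl:TransitiveProperty .
# ABox (constructed data): topology, Internet exposure, vulnerabilities
:edge a :NetworkDevice ; :exposedTo :Internet ; :connectedTo :core .
:core a :NetworkDevice ; :connectedTo :web1 , :db1 .
:web1 a :Server ; :hasVulnerability :vuln1 .
:db1  a :Server ; :hasVulnerability :vuln2 .
:lab1 a :Server ; :hasVulnerability :vuln1 .        # vulnerable but unreachable
:vuln1 a :Vulnerability ; :cvssScore "9.8" .
:vuln2 a :Vulnerability ; :cvssScore "4.0" .
"""

TOKEN = re.compile(r'"[^"]*"|<[^>]*>|#[^\n]*|[.;,]|[^\s.;,]+')  # literal|IRI|comment|punct|name

def split(seq, sep):                                   # str.split, but for token lists
    out = [[]]
    for t in seq:
        if t == sep:
            out.append([])
        else:
            out[-1].append(t)
    return out

def parse_turtle(text):
    """Parse the Turtle subset used above: @prefix, ';' and ',' lists, 'a', plain literals."""
    prefixes, triples = {}, set()
    def term(tok):                                     # expand one token to an IRI or literal
        if tok == "a":                                 # Turtle shorthand for rdf:type
            return TYPE
        if tok[0] in '<"':                             # <iri> or "literal": strip delimiters
            return tok[1:-1]
        pfx, name = tok.split(":", 1)
        return prefixes[pfx] + name
    toks = [t for t in TOKEN.findall(text) if not t.startswith("#")]
    for stmt in split(toks, "."):                      # one statement per '.'
        if stmt and stmt[0] == "@prefix":              # '@prefix', 'p:', '<iri>'
            prefixes[stmt[1][:-1]] = stmt[2][1:-1]
        elif stmt:
            subj = term(stmt[0])
            for po in split(stmt[1:], ";"):            # predicate-object groups
                for obj in split(po[1:], ","):         # object list
                    triples.add((subj, term(po[0]), term(obj[0])))
    return triples

def materialize(triples):
    """Forward-chain subClassOf, subPropertyOf, Symmetric/TransitiveProperty entailments to a fixpoint."""
    g = set(triples)
    while True:
        sub_c = {(s, o) for s, p, o in g if p == SUBCLASS}
        sub_p = {(s, o) for s, p, o in g if p == SUBPROP}
        sym = {s for s, p, o in g if p == TYPE and o == SYMMETRIC}
        trans = {s for s, p, o in g if p == TYPE and o == TRANSITIVE}
        new = {(c, SUBCLASS, e) for c, d in sub_c for d2, e in sub_c if d == d2}
        for s, p, o in g:
            if p == TYPE:                              # instances inherit superclasses
                new |= {(s, TYPE, d) for c, d in sub_c if c == o}
            new |= {(s, r, o) for q, r in sub_p if q == p}
            if p in sym:
                new.add((o, p, s))
            if p in trans:
                new |= {(s, p, o2) for s2, p2, o2 in g if p2 == p and s2 == o}
        if new <= g:
            return g
        g |= new

def objects(g, s, p):
    return {o for s2, p2, o in g if s2 == s and p2 == p}

def exposed_vulnerable_devices(g, min_cvss):
    """Devices reachable from an Internet-exposed node with a vulnerability scoring >= min_cvss."""
    exposed = {s for s, p, o in g if p == NS + "exposedTo" and o == NS + "Internet"}
    reachable = set(exposed).union(*(objects(g, e, NS + "reaches") for e in exposed))
    hits = {}
    for dev in sorted(reachable):
        if NS + "NetworkDevice" not in objects(g, dev, TYPE):
            continue                                   # only classified devices count
        for vuln in sorted(objects(g, dev, NS + "hasVulnerability")):
            for score in objects(g, vuln, NS + "cvssScore"):
                if float(score) >= min_cvss:
                    hits.setdefault(dev[len(NS):], []).append((vuln[len(NS):], float(score)))
    return hits

if __name__ == "__main__":
    print(exposed_vulnerable_devices(materialize(parse_turtle(SAMPLE_TURTLE)), 7.0))
```

Running it reports only web1: the reasoner infers that web1 is a :NetworkDevice (via rdfs:subClassOf) and that :edge reaches it (symmetric adjacency lifted to the transitive :reaches property), while :lab1, which carries the same critical vulnerability, is left out because nothing in the graph connects it to the exposed node, and :db1 is left out by the CVSS threshold. This is the situation-aware distinction a plain vulnerability list cannot make without the topology semantics.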
Notes
- 8. Because this is a very common predicate, Turtle allows the abbreviation of rdf:type simply as a.
- 9. Internationalized resource identifier.
- 12. These may be complemented by SWRL rules, although doing so can result in undecidability unless the rules are restricted (for example, to DL-safe rules).
- 13. Providing examples for each constructor is beyond the scope of this chapter. For a detailed description, see https://www.w3.org/TR/owl2-quick-reference/
- 38. Border Gateway Protocol.
- 39. Semantic Web Rule Language.
© 2019 Springer Nature Switzerland AG
Cite this chapter
Sikos, L.F. (2019). OWL Ontologies in Cybersecurity: Conceptual Modeling of Cyber-Knowledge. In: Sikos, L. (eds) AI in Cybersecurity. Intelligent Systems Reference Library, vol 151. Springer, Cham. https://doi.org/10.1007/978-3-319-98842-9_1
DOI: https://doi.org/10.1007/978-3-319-98842-9_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98841-2
Online ISBN: 978-3-319-98842-9
eBook Packages: Intelligent Technologies and Robotics (R0)