Skip to main content
SpringerLink
Log in

OWL Ontologies in Cybersecurity: Conceptual Modeling of Cyber-Knowledge

  • Chapter
  • First Online:
AI in Cybersecurity

Part of the book series: Intelligent Systems Reference Library ((ISRL,volume 151))

Abstract

Network vulnerability checking, automated cyberthreat intelligence, and real-time cybersituational awareness require task automation that benefit from formally described conceptual models. Knowledge organization systems, including controlled vocabularies, taxonomies, and ontologies, can provide the network semantics needed to turn raw network data into valuable information for cybersecurity specialists. The formal knowledge representation of cyberspace concepts and properties in the form of upper and domain ontologies that capture the semantics of network topologies and devices, information flow, vulnerabilities, and cyberthreats can be used for application-specific, situation-aware querying and knowledge discovery via automated reasoning. The corresponding structured data can be used for network monitoring, cybersituational awareness, anomaly detection, vulnerability assessment, and cybersecurity countermeasures.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 199.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://www.w3.org/RDF/

  2. 2.

    https://www.w3.org/TR/rdf-syntax-grammar/

  3. 3.

    https://www.w3.org/TR/turtle/

  4. 4.

    https://www.w3.org/TR/n-triples/

  5. 5.

    https://www.w3.org/TR/json-ld/

  6. 6.

    https://www.w3.org/TR/rdfa-primer/

  7. 7.

    https://www.w3.org/TR/microdata/

  8. 8.

    Because this is a very common predicate, Turtle allows the abbreviation of rdf:type simply as a.

  9. 9.

    Internationalized resource identifier.

  10. 10.

    https://www.w3.org/TR/rdf-schema/

  11. 11.

    https://www.w3.org/OWL/

  12. 12.

    These may be complemented by SWRL rules, although doing so can result in undecidability.

  13. 13.

    Providing examples for each constructor is beyond the scope of this chapter. For a detailed description, see https://www.w3.org/TR/owl2-quick-reference/

  14. 14.

    https://cve.mitre.org

  15. 15.

    https://www.owasp.org

  16. 16.

    http://www.openioc.org

  17. 17.

    https://oasis-open.github.io/cti-documentation/stix/intro

  18. 18.

    https://www.ietf.org/rfc/rfc5070.txt

  19. 19.

    https://www.iso.org

  20. 20.

    https://www.oasis-open.org

  21. 21.

    https://www.nist.gov

  22. 22.

    https://www.itu.int

  23. 23.

    https://www.mitre.org

  24. 24.

    https://www.ogf.org

  25. 25.

    https://www.ieee.org

  26. 26.

    https://capec.mitre.org

  27. 27.

    https://www.iso.org/standard/44375.html

  28. 28.

    https://www.itu.int/rec/T-REC-E.409-200405-I/en

  29. 29.

    https://www.itu.int/rec/T-REC-X.1500/en

  30. 30.

    https://www.ietf.org/rfc/rfc2350.txt

  31. 31.

    https://www.iso.org/isoiec-27001-information-security.html

  32. 32.

    https://github.com/Ebiquity/Unified-Cybersecurity-Ontology/blob/master/uco_1_5_rdf.owl

  33. 33.

    https://www.recordedfuture.com/malware-ontology/

  34. 34.

    https://raw.githubusercontent.com/mswimmer/IRTI-Ontology/master/irti.rdf

  35. 35.

    http://resources.sei.cmu.edu/asset_files/TechnicalReport/2016_005_112_465537.owl

  36. 36.

    https://github.com/AustralianCentreforCyberSecurity/Cyber-Simulation-Terrain/blob/master/v1-0/cyber/ThreatSimulationOntology/tso.ttl

  37. 37.

    https://tools.ietf.org/html/rfc2501

  38. 38.

    Border Gateway Protocol.

  39. 39.

    Semantic Web Rule Language.

  40. 40.

    https://www.iso.org/standard/39066.html

  41. 41.

    https://tools.ietf.org/html/rfc3418

  42. 42.

    https://www.ietf.org/rfc/rfc3955.txt

  43. 43.

    https://tools.ietf.org/html/rfc6576

  44. 44.

    http://www.datcat.org

  45. 45.

    https://www.itu.int/rec/T-REC-M.3100/en

  46. 46.

    https://www.dmtf.org/standards/cim

  47. 47.

    https://github.com/twosixlabs/icas-ontology/blob/master/ontology/ipnet.ttl

  48. 48.

    http://purl.org/ontology/network/

  49. 49.

    https://www.w3.org/TR/prov-o/

  50. 50.

    https://www.w3.org/TR/trig/

References

  1. Sikos LF (2015) Mastering structured data on the Semantic Web: from HTML5 Microdata to Linked Open Data. Apress, New York. https://doi.org/10.1007/978-1-4842-1049-9

    Book  Google Scholar 

  2. Sikos LF (2017) Description logics in multimedia reasoning. Springer, Cham. https://doi.org/10.1007/978-3-319-54066-5

    Book  Google Scholar 

  3. Avizienis A, Laprie J-C, Randell B, Landwehr C (2004) Basic concepts and taxonomy of dependable and secure computing. IEEE Trans Depend Secur Comput 1(1):11–33. https://doi.org/10.1109/TDSC.2004.2

    Article  Google Scholar 

  4. Hansman S, Hunt R (2005) A taxonomy of network and computer attacks. Comput Secur 24(1):31–43. https://doi.org/10.1016/j.cose.2004.06.011

    Article  Google Scholar 

  5. Gao J, Zhang B, Chen X, Luo Z (2013) Ontology-based model of network and computer attacks for security assessment. J Shanghai Jiaotong Univ (Sci) 18(5):554–562. https://doi.org/10.1007/s12204-013-1439-5

    Article  Google Scholar 

  6. Burger EW, Goodman MD, Kampanakis P (2014) Taxonomy model for cyber threat intelligence information exchange technologies. In: Ahn G-J, Sander T (eds) Proceedings of the 2014 ACM Workshop on Information Sharing & Collaborative Security. ACM, New York, pp 51–60. https://doi.org/10.1145/2663876.2663883

  7. Takahashi T, Kadobayashi Y (2015) Reference ontology for cybersecurity operational information. Comput J 58(10):2297–2312. https://doi.org/10.1093/comjnl/bxu101

    Article  Google Scholar 

  8. Tsoumas B, Papagiannakopoulos P, Dritsas S, Gritzalis D (2006) Security-by-ontology: a knowledge-centric approach. In: Fischer-Hübner S, Rannenberg K, Yngström L, Lindskog S (eds) Security and privacy in dynamic environments. Springer, Boston, pp 99–110. https://doi.org/10.1007/0-387-33406-8_9

  9. Vorobiev A, Bekmamedova N (2007) An ontological approach applied to information security and trust. In: Cater-Steel A, Roberts L, Toleman M (eds) ACIS2007 Toowoomba 5–7 December 2007: Delegate Handbook for the 18th Australasian Conference on Information Systems. University of Southern Queensland, Toowoomba, Australia. http://aisel.aisnet.org/acis2007/114/

  10. Fenz S, Ekelhart A (2009) Formalizing information security knowledge. In: Li W, Susilo W, Tupakula U, Safavi-Naini R, Varadharajan V (eds) Proceedings of the 4th International Symposium on Information, Computer, and Communications Security. ACM, New York, pp 183–194. https://doi.org/10.1145/1533057.1533084

  11. Stoneburner G, Goguen A, Feringa A (2002) Risk management guide for information technology systems. NIST Special Publication 800-30, National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA

    Google Scholar 

  12. Wali A, Chun SA, Geller J (2013) A bootstrapping approach for developing a cyber-security ontology using textbook index terms. In: Guerrero JE (ed) Proceedings of the 2013 International Conference on Availability, Reliability, and Security. IEEE Computer Society, Washington, pp 569–576. https://doi.org/10.1109/ARES.2013.75

  13. Syed Z, Padia A, Mathews ML, Finin T, Joshi A (2016) UCO: a unified cybersecurity ontology. In: Wong W-K, Lowd D (eds) Proceedings of the Thirtieth AAAI Workshop on Artificial Intelligence for Cyber Security. AAAI Press, Palo Alto, CA, USA, pp 195–202. https://www.aaai.org/ocs/index.php/WS/AAAIW16/paper/download/12574/12365

  14. He Y, Chen W, Yang M, Peng W (2004) Ontology-based cooperative intrusion detection system. In: Jin H, Gao GR, Xu Z, Chen H (eds) Network and parallel computing. Springer, Heidelberg, pp 419–426. https://doi.org/10.1007/978-3-540-30141-7_59

    Google Scholar 

  15. Obrst L, Chase P, Markeloff R (2012) Developing an ontology of the cyber security domain. In: Costa PCG, Laskey KB (eds) Proceedings of the Seventh International Conference on Semantic Technologies for Intelligence, Defense, and Security. RWTH Aachen University, Aachen, pp 49–56. http://ceur-ws.org/Vol-966/STIDS2012_T06_ObrstEtAl_CyberOntology.pdf

  16. Grégio A, Bonacin R, Nabuco O, Afonso VM, De Geus PL, Jino M (2014) Ontology for malware behavior: a core model proposal. In: Reddy SM (ed) Proceedings of the 2014 IEEE 23rd International WETICE Conference. IEEE, New York, pp 453–458. https://doi.org/10.1109/WETICE.2014.72

  17. Asgarli E, Burger E (2016) Semantic ontologies for cyber threat sharing standards. In: Proceedings of the 2016 IEEE Symposium on Technologies for Homeland Security. IEEE, New York. https://doi.org/10.1109/THS.2016.7568896

  18. Ussath M, Jaeger D, Cheng F, Meinel C (2016) Pushing the limits of cyber threat intelligence: extending STIX to support complex patterns. In: Latifi S (ed) Information technology: new generations. Springer, Cham, pp 213–225. https://doi.org/10.1007/978-3-319-32467-8_20

    Google Scholar 

  19. Ekelhart A, Fenz S, Klemen M, Weippl E (2007) Security ontologies: improving quantitative risk analysis. In: Sprague RH (ed) Proceedings of the 40th Annual Hawaii International Conference on System Sciences. IEEE Computer Society, Los Alamitos, CA, USA. https://doi.org/10.1109/HICSS.2007.478

  20. Costa DL, Collins ML, Perl SJ, Albrethsen MJ, Silowash GJ, Spooner DL (2014) An ontology for insider threat indicators: development and applications. In: Laskey KB, Emmons I, Costa PCG (eds) Proceedings of the Ninth Conference on Semantic Technology for Intelligence, Defense, and Security. RWTH Aachen University, Aachen, pp 48–53. http://ceur-ws.org/Vol-1304/STIDS2014_T07_CostaEtAl.pdf

  21. Falk C (2016) An ontology for threat intelligence. In: Koch R, Rodosek G (eds) Proceedings of the 15th European Conference on Cyber Warfare and Security. Curran Associates, Red Hook, NY, USA

    Google Scholar 

  22. Hutchins EM, Cloppert MJ, Amin RM (2011) Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. In: Armistead EL (ed) Proceedings of the 6th International Conference on Information Warfare and Security. Academic Conferences and Publishing International, Sonning Common, UK, pp 113–125

    Google Scholar 

  23. Wolf JP (2013) An ontology for digital forensics in IT security incidents. M.Sc. thesis, University of Augsburg, Augsburg, Germany

    Google Scholar 

  24. Oltramari A, Cranor LF, Walls RJ, McDaniel P (2014) Building an ontology of cyber security. In: Laskey KB, Emmons I, Costa PCG (eds) Proceedings of the Ninth Conference on Semantic Technology for Intelligence, Defense, and Security. RWTH Aachen University, Aachen, pp 54–61. http://ceur-ws.org/Vol-1304/STIDS2014_T08_OltramariEtAl.pdf

  25. Maines CL, Llewellyn-Jones D, Tang S, Zhou B (2015) A cyber security ontology for BPMN-security extensions. In: Wu Y, Min G, Georgalas N, Hu J, Atzori L, Jin X, Jarvis S, Liu L, Calvo RA (eds) Proceedings of the 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing. IEEE, New York, pp 1756–1763. https://doi.org/10.1109/CIT/IUCC/DASC/PICOM.2015.265

  26. Ormrod D, Turnbull B, O’Sullivan K (2015) System of systems cyber effects simulation ontology. In: Proceedings of the 2015 Winter Simulation Conference. IEEE, New York, pp 2475–2486. https://doi.org/10.1109/WSC.2015.7408358

  27. Sicilia MA, García-Barriocanal E, Bermejo-Higuera J, Sánchez-Alonso S (2015) What are information security ontologies useful for? In: Garoufallou E, Hartley R, Gaitanou P (eds) Metadata and semantics research. Springer, Cham, pp 51–61. https://doi.org/10.1007/978-3-319-24129-6_5

    Google Scholar 

  28. Gaglio S, Lo Re G (eds) (2014) Advances onto the Internet of Things: how ontologies make the Internet of Things meaningful. Springer, Cham. https://doi.org/10.1007/978-3-319-03992-3

    Google Scholar 

  29. Orwat ME, Levin TE, Irvine CE (2008) An ontological approach to secure MANET management. In: Jakoubi S, Tjoa S, Weippl ER (eds) Proceedings of the Third International Conference on Availability, Reliability and Security. IEEE Computer Society, Los Alamitos, CA, USA, pp 787–794. https://doi.org/10.1109/ARES.2008.183

  30. De Vergara JEL, Villagra VA, Asensio JI, Berrocal J (2003) Ontologies: giving semantics to network management models. IEEE Netw 17(3):15–21. https://doi.org/10.1109/MNET.2003.1201472

    Article  Google Scholar 

  31. De Paola A, Gatani L, Lo Re G, Pizzitola A, Urso A (2003) A network ontology for computer network management. Technical report No 22. Institute for High Performance Computing and Networking, Palermo, Italy

    Google Scholar 

  32. Abar S, Iwaya Y, Abe T, Kinoshita T (2006) Exploiting domain ontologies and intelligent agents: an automated network management support paradigm. In: Chong I, Kawahara K (eds) Information networking. Advances in data communications and wireless networks. Springer, Heidelberg, pp 823–832. https://doi.org/10.1007/11919568_82

    Chapter  Google Scholar 

  33. Kodeswaran P, Kodeswaran SB, Joshi A, Perich F (2008) Utilizing semantic policies for managing BGP route dissemination. In: 2008 IEEE INFOCOM Workshops. IEEE, Piscataway, NJ, USA. https://doi.org/10.1109/INFOCOM.2008.4544611

  34. Basile C, Lioy A, Scozzi S, Vallini M (2009) Ontology-based policy translation. In: Herrero Á, Gastaldo P, Zunino R, Corchado E (eds) Computational intelligence in security for information systems. Springer, Heidelberg, pp 117–126. https://doi.org/10.1007/978-3-642-04091-7_15

    Google Scholar 

  35. Ghiran AM, Silaghi GC, Tomai N (2009) Ontology-based tools for automating integration and validation of firewall rules. In: Abramowicz W (ed) Business information systems. Springer, Heidelberg, pp 37–48. https://doi.org/10.1007/978-3-642-01190-0_4

    Chapter  Google Scholar 

  36. Choraś M, Flizikowski A, Kozik R, Hołubowicz W (2010) Decision aid tool and ontology-based reasoning for critical infrastructure vulnerabilities and threats analysis. In: Rome E, Bloomfield R (eds) Critical information infrastructures security. Springer, Heidelberg, pp 98–110. https://doi.org/10.1007/978-3-642-14379-3_9

    Chapter  Google Scholar 

  37. Miksa K, Sabina P, Kasztelnik M (2010) Combining ontologies with domain specific languages: a case study from network configuration software. In: Aßmann U, Bartho A, Wende C (eds) Reasoning web. Semantic technologies for software engineering. Springer, Heidelberg, pp 99–118. https://doi.org/10.1007/978-3-642-15543-7_4

    Chapter  Google Scholar 

  38. ETSI Industry Specification Group (2013) Measurement ontology for IP traffic (MOI); requirements for IP traffic measurement ontologies development. ETSI, Valbonne. http://www.etsi.org/deliver/etsi_gs/MOI/001_099/003/01.01.01_60/gs_moi003v010101p.pdf

  39. Martínez A, Yannuzzi M, Serral-Gracià R, Ramírez W (2014) Ontology-based information extraction from the configuration command line of network routers. In: Prasath R, O’Reilly P, Kathirvalavakumar T (eds) Mining intelligence and knowledge exploration. Springer, Cham, pp 312–322. https://doi.org/10.1007/978-3-319-13817-6_30

    Google Scholar 

  40. Martínez A, Yannuzzi M, López J, Serral-Gracià R, Ramírez W (2015) Applying information extraction for abstracting and automating CLI-based configuration of network devices in heterogeneous environments. In: Laalaoui Y, Bouguila N (eds) Artificial intelligence applications in information and communication technologies. Springer, Cham, pp 167–193. https://doi.org/10.1007/978-3-319-19833-0_8

    Google Scholar 

  41. Laskey K, Chandekar S, Paris B-P (2015) A probabilistic ontology for large-scale IP geolocation. In: Laskey KB, Emmons I, Costa PCG, Oltramari A (eds) Tenth Conference on Semantic Technology for Intelligence, Defense, and Security. RWTH Aachen University, Aachen, pp 18–25. http://ceur-ws.org/Vol-1523/STIDS_2015_T03_Laskey_etal.pdf

  42. Moraes PS, Sampaio LN, Monteiro JAS, Portnoi M (2008) MonONTO: a domain ontology for network monitoring and recommendation for advanced Internet applications users. In: 2008 IEEE Network Operations and Management Symposium Workshops–NOMS 2008. IEEE, Piscataway, NJ, USA. https://doi.org/10.1109/NOMSW.2007.21

  43. Sikos LF, Stumptner M, Mayer W, Howard C, Voigt S, Philp D (2018) Representing network knowledge using provenance-aware formalisms for cyber-situational awareness. Procedia Comput Sci 126C: 29–38

    Article  Google Scholar 

  44. Sikos LF, Stumptner M, Mayer W, Howard C, Voigt S, Philp D (2018) Automated reasoning over provenance-aware communication network knowledge in support of cyber-situational awareness. In: Liu W, Giunchiglia F, Yang B (eds) Knowledge science, engineering and management. Springer, Cham., pp. 132–143. https://doi.org/10.1007/978-3-319-99247-1_12

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of South Australia, Adelaide, SA, Australia

    Leslie F. Sikos

Authors
  1. Leslie F. Sikos
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Leslie F. Sikos .

Editor information

Editors and Affiliations

  1. School of Information Technology and Mathematical Sciences, University of South Australia, Adelaide, SA, Australia

    Leslie F. Sikos

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Sikos, L.F. (2019). OWL Ontologies in Cybersecurity: Conceptual Modeling of Cyber-Knowledge. In: Sikos, L. (eds) AI in Cybersecurity. Intelligent Systems Reference Library, vol 151. Springer, Cham. https://doi.org/10.1007/978-3-319-98842-9_1

Download citation

Publish with us

Policies and ethics

Search

Navigation