Abstract
Considering the complexity and dynamic nature of cyberthreats, the automation of data-driven analytics in cyberthreat intelligence is highly desired. However, the terminology of cyberthreat intelligence varies between methods, techniques, and applications, and the corresponding expert knowledge is not codified, making threat data inefficient, and sometimes infeasible, to process by semantic software agents. Therefore, various data models, methods, and knowledge organization systems have been proposed over the years, which facilitate knowledge discovery, data aggregation, intrusion detection, incident response, and comprehensive and automated data analysis. This chapter reviews the most influential and widely deployed cyberthreat classification models, machine-readable taxonomies, and machine-interpretable ontologies that are well-utilized in cyberthreat intelligence applications.
Notes
- 1. Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege
- 2. Process for Attack Simulation and Threat Analysis
- 3. Linkability, identifiability, nonrepudiation, detectability, disclosure of information, unawareness, noncompliance—https://linddun.org
- 4. Common Vulnerability Scoring System—https://www.first.org/cvss/specification-document
- 5. Visual, Agile, and Simple Threat modeling
- 16. Indicators of compromise
© 2020 Springer Nature Switzerland AG
Sikos, L.F. (2020). The Formal Representation of Cyberthreats for Automated Reasoning. In: Sikos, L., Choo, KK. (eds) Data Science in Cybersecurity and Cyberthreat Intelligence. Intelligent Systems Reference Library, vol 177. Springer, Cham. https://doi.org/10.1007/978-3-030-38788-4_1
DOI: https://doi.org/10.1007/978-3-030-38788-4_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-38787-7
Online ISBN: 978-3-030-38788-4
eBook Packages: Intelligent Technologies and Robotics (R0)