Abstract
Ontology enables semantic interoperability, which makes it highly valuable for cyber threat hunting. Community-driven frameworks such as MITRE ATT&CK, D3FEND, ENGAGE, CWE and CVE have been developed to combat cyber threats. However, manually navigating these independent data sources is time-consuming and impractical in high-stakes situations. By adopting an ontology-based approach, these cybersecurity resources can be unified, giving analysts a holistic view of the threat landscape. Leveraging a semantic query language then lets analysts make the most of the existing data sources. This paper explores how, by applying a semantic query language (SPARQL) to a unified cybersecurity ontology, analysts can effectively exploit the information contained in these resources to strengthen their defense strategies against cyber threats.
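As an added illustration of the kind of cross-source query the abstract describes (example code written for this page, not the paper's ontology or its queries), the block below builds a tiny unified graph and pivots from an ATT&CK technique to the D3FEND countermeasures mapped to it and the CWE weakness it exploits, then lists techniques with no mapped countermeasure. The identifiers T1059, T1566 (ATT&CK) and CWE-78 (CWE) are real entries; the D3FEND identifiers, the property names (`attack:exploits`, `d3f:counters`) and every technique-to-countermeasure link are assumed for illustration and are not MITRE's published mappings. In a real deployment the ontologies would be loaded into a triple store and the SPARQL shown in each docstring run against it; here a short basic-graph-pattern matcher stands in for the SPARQL engine so the example runs with the standard library alone.

```python
"""Cross-source pivot over a small unified cyber-security graph.

Added example, not code from the paper. T1059, T1566 and CWE-78 are real
ATT&CK / CWE identifiers; the D3FEND identifiers, the property names and the
technique-to-countermeasure links below are ASSUMED for illustration only.
The select() function is a toy basic-graph-pattern (BGP) evaluator that
stands in for a SPARQL engine; the SPARQL each helper corresponds to is
given in its docstring.
"""

# Constructed sample graph: (subject, predicate, object) as CURIEs / literals.
TRIPLES = [
    ("attack:T1059", "rdf:type",        "attack:Technique"),
    ("attack:T1059", "rdfs:label",      '"Command and Scripting Interpreter"'),
    ("attack:T1059", "attack:exploits", "cwe:CWE-78"),
    ("attack:T1566", "rdf:type",        "attack:Technique"),
    ("attack:T1566", "rdfs:label",      '"Phishing"'),
    ("cwe:CWE-78",   "rdfs:label",      '"OS Command Injection"'),
    ("d3f:D3-PSA",   "rdfs:label",      '"Process Spawn Analysis"'),
    ("d3f:D3-PSA",   "d3f:counters",    "attack:T1059"),
    ("d3f:D3-SCA",   "rdfs:label",      '"System Call Analysis"'),
    ("d3f:D3-SCA",   "d3f:counters",    "attack:T1059"),
]


def _is_var(term):
    return term.startswith("?")


def _match(pattern, triple, binding):
    """Return `binding` extended by matching one triple pattern, or None."""
    b = dict(binding)
    for pat, val in zip(pattern, triple):
        if _is_var(pat):
            if b.get(pat, val) != val:      # already bound to something else
                return None
            b[pat] = val
        elif pat != val:                    # constant term must match exactly
            return None
    return b


def select(patterns, graph=TRIPLES):
    """Evaluate a list of triple patterns as a join (a SPARQL WHERE block
    without OPTIONAL/FILTER). Returns a list of variable bindings."""
    solutions = [{}]
    for pattern in patterns:
        extended = []
        for binding in solutions:
            for triple in graph:
                b = _match(pattern, triple, binding)
                if b is not None:
                    extended.append(b)
        solutions = extended
    return solutions


def _literal(value):
    return value.strip('"')


def countermeasures_for(technique):
    """Countermeasures mapped to a technique, as sorted (id, label) pairs.

    SPARQL equivalent:
        SELECT ?cm ?label WHERE {
          ?cm d3f:counters attack:T1059 ;
              rdfs:label ?label .
        }
    """
    rows = select([
        ("?cm", "d3f:counters", technique),
        ("?cm", "rdfs:label", "?label"),
    ])
    return sorted((r["?cm"], _literal(r["?label"])) for r in rows)


def weakness_chain(technique):
    """Technique -> exploited weakness, with both labels (a two-hop join).

    SPARQL equivalent:
        SELECT ?tl ?w ?wl WHERE {
          attack:T1059 rdfs:label ?tl ; attack:exploits ?w .
          ?w rdfs:label ?wl .
        }
    """
    rows = select([
        (technique, "rdfs:label", "?tl"),
        (technique, "attack:exploits", "?w"),
        ("?w", "rdfs:label", "?wl"),
    ])
    return [(_literal(r["?tl"]), r["?w"], _literal(r["?wl"])) for r in rows]


def uncovered_techniques():
    """Techniques with no mapped countermeasure: a defensive coverage gap.

    SPARQL equivalent:
        SELECT ?t WHERE {
          ?t a attack:Technique .
          FILTER NOT EXISTS { ?cm d3f:counters ?t }
        }
    """
    techniques = {r["?t"] for r in select([("?t", "rdf:type", "attack:Technique")])}
    covered = {r["?t"] for r in select([("?cm", "d3f:counters", "?t")])}
    return sorted(techniques - covered)


if __name__ == "__main__":
    for t in ("attack:T1059", "attack:T1566"):
        print(t, countermeasures_for(t), weakness_chain(t))
    print("uncovered:", uncovered_techniques())
```

The value of the unified graph is visible in `weakness_chain` and `uncovered_techniques`: each answer crosses a source boundary (ATT&CK to CWE, ATT&CK to D3FEND) in a single query, which is exactly the navigation an analyst otherwise performs by hand across separate sites.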
Acknowledgement
The research reported herein was supported in part by NIST Award # 60NANB23D007, NSF awards DMS-1737978, DGE-2039542, OAC-1828467, OAC-1931541, and DGE-1906630, ONR awards N00014-17-1-2995 and N00014-20-1-2738.
Disclaimer
Certain equipment, instruments, software, or materials are identified in this paper in order to specify the experimental procedure adequately. Such identification is not intended to imply recommendation or endorsement of any product or service by NIST, nor is it intended to imply that the materials or equipment identified are necessarily the best available for the purpose.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Akbar, K.A., Rahman, F.I., Singhal, A., Khan, L., Thuraisingham, B. (2023). The Design and Application of a Unified Ontology for Cyber Security. In: Muthukkumarasamy, V., Sudarsan, S.D., Shyamasundar, R.K. (eds) Information Systems Security. ICISS 2023. Lecture Notes in Computer Science, vol 14424. Springer, Cham. https://doi.org/10.1007/978-3-031-49099-6_2
DOI: https://doi.org/10.1007/978-3-031-49099-6_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-49098-9
Online ISBN: 978-3-031-49099-6
eBook Packages: Computer Science (R0)