Epistemology for Cyber Security: A Controlled Natural Language Approach

  • Conference paper
Advances in Information Systems, Artificial Intelligence and Knowledge Management (ICIKS 2023)

Abstract

In this paper we introduce a new Controlled Natural Language (CNL) known as “Noam”. It is used to express cyber security knowledge and to reason over it. The approach follows examples set by other domain-specific languages and constrained grammars, but is highly unusual due to its singular focus on cyber security. Like most CNLs, Noam is both human-readable and machine-solvable, thus fulfilling important assurance requirements with respect to transparency and explainability. The language seeks to address a growing problem faced by security engineers and architects; namely, that their endeavours are constrained by the complexity and sheer interconnectedness of the systems they protect. This is further compounded by year-on-year vulnerability disclosure rates and diversification of the Tactics, Techniques and Procedures used by threat actors. Our approach is analogical: the Noam CNL is used to construct a system model, instrument it with data from the real environment and apply functional programming techniques in order to ‘solve-for’ certain conditions of interest. The intention is to demonstrate the value of CNLs and semantic reasoning within cyber security, framed in the context of improving the information available to security engineers, architects and other decision-makers.

Notes

  1. Use of this name is purely a convenient shorthand and recognises the technique’s inherent overlapping of information science and language. There is no reference - intended or otherwise - to any of the namesake’s specific work, writings or politics. Neither the authors nor the ideas herein seek any controversy and the naming is purely symbolic.

  2. (source IP address, source port, destination IP address, destination port, protocol, timestamp).

  3. There is some overlap in which actuality may also be considered predictive (i.e., due to uncertainty). Since no new measurements can be taken to verify experience, we simply assert that this is solely a domain of facts.

Author information

Correspondence to Leigh Chase.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Chase, L., Mohasseb, A., Aziz, B. (2024). Epistemology for Cyber Security: A Controlled Natural Language Approach. In: Saad, I., Rosenthal-Sabroux, C., Gargouri, F., Chakhar, S., Williams, N., Haig, E. (eds) Advances in Information Systems, Artificial Intelligence and Knowledge Management. ICIKS 2023. Lecture Notes in Business Information Processing, vol 486. Springer, Cham. https://doi.org/10.1007/978-3-031-51664-1_19

  • DOI: https://doi.org/10.1007/978-3-031-51664-1_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-51663-4

  • Online ISBN: 978-3-031-51664-1

  • eBook Packages: Computer Science (R0)
