ABSTRACT
Efficient cyber risk assessment needs to take into account all security alerts raised by the cybersecurity solutions deployed in a network. To build a reliable overview of cyber risk, the cyber threats that drive that risk must be monitored continuously as they emerge. Integrating Cyber Threat Intelligence (CTI) into cybersecurity solutions provides valuable information about threats, their targets, and potential vulnerabilities. Structured Threat Information eXpression (STIX), a language for expressing information about cyber threats in a structured and unambiguous manner, is becoming the de facto standard for sharing such information. In addition, ontology-based semantic knowledge modeling has become a promising approach, since it provides a machine-readable representation that downstream cybersecurity tooling can reason over. In this paper, we propose an ontology that uses CTI for risk monitoring. It extends an existing ontology, originally proposed for use within a SIEM (Security Information and Event Management) system, and aligns it with the STIX concepts.
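The abstract ties three things together: STIX objects as the exchange format, an ontology-style graph of threats, malware and actors built from them, and SIEM alerts that need risk context. The following Python program is an added example written for this page; it is not code from the paper or from the ontology it describes. It assumes a constructed STIX 2.1 bundle (invented ids, names and observable values), a hypothetical SIEM alert schema (`src_ip`, `dst_ip`, `sha256`, `domain`), a simplified subset of STIX patterning (equality comparisons joined by OR only), and an illustrative scoring policy; none of these come from the paper. What it shows beyond the abstract is the part that bites in practice: an indicator only counts if it is not revoked and the alert falls inside its validity window, and context comes from walking `indicates` and `uses` relationships rather than from the indicator alone.

```python
"""Correlate SIEM alerts with STIX 2.1 threat intelligence (stdlib only)."""
import json
import re
from collections import defaultdict
from datetime import datetime

def sid(kind, n):
    """Build a constructed STIX id of the form <type>--<uuid>; these are not real objects."""
    return "%s--00000000-0000-4000-8000-%012d" % (kind, n)

# Constructed STIX 2.1 bundle: ids, names and observables are invented; common
# properties such as created/modified are omitted for brevity.
FAKE_SHA256 = "ab" * 32  # placeholder hash, not a real sample
IND_IP, IND_HASH, IND_DOM = sid("indicator", 1), sid("indicator", 2), sid("indicator", 3)
MALWARE, ACTOR = sid("malware", 10), sid("threat-actor", 20)
STIX_BUNDLE = json.dumps({"type": "bundle", "id": sid("bundle", 255), "objects": [
    {"type": "indicator", "id": IND_IP, "name": "Loader C2 addresses", "confidence": 80, "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7' OR ipv4-addr:value = '203.0.113.9']",
     "valid_from": "2024-01-10T00:00:00Z"},
    {"type": "indicator", "id": IND_HASH, "name": "Loader dropper hash", "confidence": 60, "pattern_type": "stix",
     "pattern": "[file:hashes.'SHA-256' = '%s']" % FAKE_SHA256,
     "valid_from": "2024-01-10T00:00:00Z", "valid_until": "2024-03-01T00:00:00Z"},
    {"type": "indicator", "id": IND_DOM, "name": "Retracted domain", "revoked": True, "pattern_type": "stix",
     "pattern": "[domain-name:value = 'example.net']", "valid_from": "2024-01-10T00:00:00Z"},
    {"type": "malware", "id": MALWARE, "name": "SampleLoader", "is_family": True, "malware_types": ["downloader"]},
    {"type": "threat-actor", "id": ACTOR, "name": "Group Sample", "threat_actor_types": ["crime-syndicate"]},
    {"type": "relationship", "id": sid("relationship", 30), "relationship_type": "indicates", "source_ref": IND_IP, "target_ref": MALWARE},
    {"type": "relationship", "id": sid("relationship", 31), "relationship_type": "indicates", "source_ref": IND_HASH, "target_ref": MALWARE},
    {"type": "relationship", "id": sid("relationship", 32), "relationship_type": "uses", "source_ref": ACTOR, "target_ref": MALWARE},
]})

# Hypothetical SIEM alert schema: alert field -> STIX observable (type, property) as used in patterns.
ALERT_FIELDS = {"src_ip": ("ipv4-addr", "value"), "dst_ip": ("ipv4-addr", "value"),
                "sha256": ("file", "hashes.SHA-256"), "domain": ("domain-name", "value")}
COMPARISON = re.compile(r"([a-z0-9-]+):([^\s=]+)\s*=\s*'([^']*)'")
UNSUPPORTED = re.compile(r"\b(AND|NOT|FOLLOWEDBY|WITHIN|REPEATS|START|STOP|LIKE|MATCHES|ISSUBSET|ISSUPERSET)\b|[<>!]")

def parse_pattern(pattern):
    """Return the (type, property, value) equality comparisons of a STIX pattern, treated as OR.
    Any other STIX patterning operator makes the result empty so the pattern never matches by
    accident; a full implementation needs a real STIX pattern parser."""
    if UNSUPPORTED.search(pattern):
        return set()
    return {(t, p.replace("'", ""), v) for t, p, v in COMPARISON.findall(pattern)}

def _ts(value):
    """Parse a STIX timestamp (RFC 3339 with trailing Z) into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

class ThreatGraph:
    """STIX objects as nodes, relationships as labelled edges: the shape an ontology's
    individuals and object properties take once a bundle is loaded."""
    def __init__(self, bundle_json):
        self.nodes, self.out, self.inc = {}, defaultdict(list), defaultdict(list)
        for obj in json.loads(bundle_json)["objects"]:
            if obj["type"] == "relationship":
                self.out[obj["source_ref"]].append((obj["relationship_type"], obj["target_ref"]))
                self.inc[obj["target_ref"]].append((obj["relationship_type"], obj["source_ref"]))
            else:
                self.nodes[obj["id"]] = obj

    def related(self, node_id, rel, reverse=False):
        """Objects reached from node_id over edges labelled rel (reverse: edges pointing at it)."""
        edges = self.inc[node_id] if reverse else self.out[node_id]
        return [self.nodes[n] for r, n in edges if r == rel and n in self.nodes]

    def active_indicators(self, at):
        """Indicators that are not revoked and whose validity window contains `at`."""
        for obj in self.nodes.values():
            if obj["type"] != "indicator" or obj.get("revoked") or _ts(obj["valid_from"]) > at:
                continue
            if "valid_until" in obj and _ts(obj["valid_until"]) <= at:
                continue
            yield obj

def enrich_alert(graph, alert):
    """Attach CTI context to one SIEM alert, or return None when no active indicator matches.
    Score is an illustrative policy (not the paper's): indicator confidence (default 50),
    plus 10 when the indicated malware is attributed to a known actor, capped at 100."""
    observed = {(t, p, alert[f]) for f, (t, p) in ALERT_FIELDS.items() if f in alert}
    best = None
    for ind in graph.active_indicators(_ts(alert["timestamp"])):
        if not parse_pattern(ind["pattern"]) & observed:
            continue
        malware = graph.related(ind["id"], "indicates")
        actors = [a for m in malware for a in graph.related(m["id"], "uses", reverse=True)]
        hit = {"alert": alert["id"], "indicator": ind["id"],
               "malware": sorted(m["name"] for m in malware), "actors": sorted(a["name"] for a in actors),
               "score": min(100, ind.get("confidence", 50) + (10 if actors else 0))}
        if best is None or hit["score"] > best["score"]:
            best = hit
    return best

# Constructed alerts: C2 connection, fresh and expired hash sightings, a revoked indicator, benign traffic.
ALERTS = [
    {"id": "alert-1", "timestamp": "2024-02-01T12:00:00Z", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.9"},
    {"id": "alert-2", "timestamp": "2024-02-01T12:00:00Z", "sha256": FAKE_SHA256},
    {"id": "alert-3", "timestamp": "2024-04-01T12:00:00Z", "sha256": FAKE_SHA256},
    {"id": "alert-4", "timestamp": "2024-02-01T12:00:00Z", "domain": "example.net"},
    {"id": "alert-5", "timestamp": "2024-02-01T12:00:00Z", "src_ip": "192.0.2.1"},
]

if __name__ == "__main__":
    for alert in ALERTS:
        print(alert["id"], enrich_alert(ThreatGraph(STIX_BUNDLE), alert))
```

Only alert-1 and alert-2 come back with context: the expired hash sighting (alert-3) and the revoked domain indicator (alert-4) are deliberately ignored, which is the check a risk monitor must make before letting stale intelligence raise a risk level. The pattern handling covers only equality comparisons joined by OR; production code should use a proper STIX pattern parser so that AND, FOLLOWEDBY and temporal qualifiers are evaluated rather than skipped.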