
Event-Based Threat Intelligence Ontology Model

  • Conference paper
  • Science of Cyber Security (SciSec 2023)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14299)

Abstract

Cyber Threat Intelligence (CTI) has become an essential part of contemporary threat detection and response solutions. However, threat intelligence faces challenges such as a lack of unified standards, inefficient aggregation, difficulty in sharing it widely, and a low level of formalization in large-scale applications, which limit its potential in threat detection and response. In response to these challenges, this paper proposes an event-based threat intelligence ontology model built on a thorough analysis of existing threat intelligence standards, aiming to address the urgent need for efficient threat intelligence aggregation and human-machine application. Firstly, the ontology model leverages the semantic characteristics of events to reorganize the elements of threat intelligence: this lets humans make decisions more quickly, simplifies the hierarchical structure for automated processing, and remains compatible with existing standards so as to promote intelligence sharing. Secondly, it combines the skeleton method with the Formal Concept Analysis (FCA) method to achieve semi-automated construction, which improves the efficiency and level of formalization and aids automated correlation analysis. Finally, we evaluate the proposed ontology and validate its effectiveness with specific instance data, hoping to provide inspiration and a reference for other researchers.
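The abstract names Formal Concept Analysis as the engine for semi-automated ontology construction. The following added example (not code from the paper or its authors) shows the core FCA step on a small, constructed formal context in which objects are threat events and attributes are observed features: it derives every formal concept (extent, intent) and the immediate super-concepts of each, which is the raw concept hierarchy an ontology skeleton would be refined from. The event names and attributes are invented for illustration.

```python
from itertools import combinations

# Constructed formal context (not from the paper): which observed features
# each threat event exhibits. Objects = events, attributes = features.
CONTEXT = {
    "E1": {"phishing", "dropper", "c2-http"},
    "E2": {"phishing", "dropper", "c2-http", "data-exfil"},
    "E3": {"dropper", "c2-http"},
    "E4": {"data-exfil"},
}

def common_attributes(context, objects):
    """Derivation A -> A': attributes shared by every object in A."""
    objects = list(objects)
    if not objects:  # the empty extent is closed to the full attribute set
        return frozenset().union(*context.values())
    return frozenset.intersection(*(frozenset(context[o]) for o in objects))

def common_objects(context, attributes):
    """Derivation B -> B': objects that carry every attribute in B."""
    return frozenset(o for o, attrs in context.items() if attributes <= attrs)

def formal_concepts(context):
    """All (extent, intent) pairs with extent' == intent and intent' == extent.
    Closing every subset of objects enumerates every concept exactly once."""
    found = set()
    objs = sorted(context)
    for k in range(len(objs) + 1):
        for subset in combinations(objs, k):
            intent = common_attributes(context, subset)
            extent = common_objects(context, intent)
            found.add((extent, intent))
    # Larger extents first, so the top concept (all objects) comes first.
    return sorted(found, key=lambda c: (-len(c[0]), sorted(c[0])))

def direct_superconcepts(concepts, concept):
    """Immediate parents in the lattice: concepts with a strictly larger
    extent and no other concept strictly between."""
    extent = concept[0]
    bigger = [c for c in concepts if extent < c[0]]
    return [c for c in bigger if not any(extent < d[0] < c[0] for d in bigger)]

if __name__ == "__main__":
    lattice = formal_concepts(CONTEXT)
    for extent, intent in lattice:
        parents = [sorted(p[1]) for p in direct_superconcepts(lattice, extent and (extent, intent))]
        print(sorted(extent), sorted(intent), "<=", parents)
```

Each intent is a candidate concept in the ontology (e.g. the events sharing {dropper, c2-http} form one class, with the {phishing, dropper, c2-http} events as a subclass); the skeleton method then names and prunes these classes.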


Notes

  1. https://github.com/LIGHTdgx/ETIO-Extraction-Results/tree/Results.


Author information

Corresponding author: Peng Wang.

Appendix

Table 2. Event-based Threat Intelligence Concept Ontology
Table 3. Event-based Threat Intelligence Concept Ontology
Table 4. Event-based Threat Intelligence Concept Ontology
Table 5. Event-based Threat Intelligence Application Ontology


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Wang, P., Dai, G., Zhai, L. (2023). Event-Based Threat Intelligence Ontology Model. In: Yung, M., Chen, C., Meng, W. (eds) Science of Cyber Security. SciSec 2023. Lecture Notes in Computer Science, vol 14299. Springer, Cham. https://doi.org/10.1007/978-3-031-45933-7_16

  • DOI: https://doi.org/10.1007/978-3-031-45933-7_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-45932-0

  • Online ISBN: 978-3-031-45933-7

  • eBook Packages: Computer Science (R0)