DOI: 10.1145/3465481.3470024
Research article

Ontology-based Cyber Risk Monitoring Using Cyber Threat Intelligence

Published: 17 August 2021

Abstract

Efficient cyber risk assessment needs to consider all security alerts raised by the cybersecurity solutions deployed in a network. Building a reliable overview of cyber risk requires continuous monitoring of the emerging cyber threats that drive that risk. Integrating Cyber Threat Intelligence (CTI) into cybersecurity solutions provides valuable information about threats, targets, and potential vulnerabilities. Structured Threat Information eXpression (STIX), a language for expressing information about cyber threats in a structured and unambiguous manner, is becoming the de facto standard for sharing such information. In addition, ontology-based semantic knowledge modeling has become a promising approach, providing a machine-readable representation for downstream cybersecurity problem-solving. In this paper, we propose an ontology that uses CTI for risk monitoring. It improves an existing ontology, originally proposed for use within a SIEM (Security Information and Event Management) system, by extending it and aligning it with the STIX concepts.



Published In

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security
August 2021
1447 pages
ISBN:9781450390514
DOI:10.1145/3465481

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Cyber Threat Intelligence
  2. OWL
  3. Ontology
  4. Risk Assessment

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES 2021

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Article Metrics

  • Downloads (last 12 months): 178
  • Downloads (last 6 weeks): 18
Reflects downloads up to 03 Oct 2024.

Cited By

  • (2024) A Survey of Ontologies Considering General Safety, Security, and Operation Aspects in OT. IEEE Open Journal of the Industrial Electronics Society 5, 861-885. DOI: 10.1109/OJIES.2024.3441112. Online publication date: 2024.
  • (2024) OntoCPS4PMS: Ontology modeling for collaborative cyber-physical threat defense in power monitoring system. Systems Engineering. DOI: 10.1002/sys.21777. Online publication date: 13 Aug 2024.
  • (2023) Threat Attribution and Reasoning for Industrial Control System Asset. International Journal of Ambient Computing and Intelligence 15(1), 1-27. DOI: 10.4018/IJACI.333853. Online publication date: 17 Nov 2023.
  • (2023) Advanced Persistent Threats and Their Defense Methods in Industrial Internet of Things: A Survey. Mathematics 11(14), 3115. DOI: 10.3390/math11143115. Online publication date: 14 Jul 2023.
  • (2023) Impact of Risk Attributes on Vendor Risk Assessment and Classification. SSRN Electronic Journal. DOI: 10.2139/ssrn.4620534. Online publication date: 2023.
  • (2023) Unraveling Threat Intelligence Through the Lens of Malicious URL Campaigns. Proceedings of the 18th Asian Internet Engineering Conference, 78-86. DOI: 10.1145/3630590.3630600. Online publication date: 12 Dec 2023.
  • (2023) Cyberspace and Personal Cyber Insurance: A Systematic Review. Journal of Computer Information Systems 64(1), 157-171. DOI: 10.1080/08874417.2023.2185551. Online publication date: 5 Apr 2023.
  • (2022) Poland's Energy Transition: Towards an Ontology. Przegląd Organizacji, 24-31. DOI: 10.33141/po.2022.03.03. Online publication date: 30 Aug 2022.
  • (2022) Threat Modeling and Reasoning for Industrial Control System Assets. 2022 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom), 468-475. DOI: 10.1109/ISPA-BDCloud-SocialCom-SustainCom57177.2022.00066. Online publication date: Dec 2022.
  • (2022) Taxonomy of Cyber Threat Intelligence Framework. 2022 13th International Conference on Information and Communication Technology Convergence (ICTC), 1295-1300. DOI: 10.1109/ICTC55196.2022.9952616. Online publication date: 19 Oct 2022.
