Proactive Ontology-based Cyber Threat Intelligence Analytic

Merah, Yazid; Kenaza, Tayeb

doi:10.1109/icrami52622.2021.9585984

Cited by 4 publications

(2 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The goal of CTO considers the extraction of relevant attack instances and threat information from data to ensure consistency and accuracy in the cybersecurity concepts for knowledge reuse in the threat intelligence domain [24]. The work of Ulicny et al [25] is considered among the first in this field and has taken an important step forward. The authors have manually constructed a cyber threat intelligence (CTI) ontology based on structured threat information expression (STIX) to support cybersecurity operators in their cyber threat hunting tasks.…”

Section: Threat Ontology Constructionmentioning

confidence: 99%

“…The authors have manually constructed a cyber threat intelligence (CTI) ontology based on structured threat information expression (STIX) to support cybersecurity operators in their cyber threat hunting tasks. Unfortunately, the authors have overlooked the vocabulary overlapping problem [25]. Unified Cybersecurity Ontology (UCO) was proposed by Syed et al [26] in 2016.…”

Section: Threat Ontology Constructionmentioning

confidence: 99%

See 1 more Smart Citation

Multiontology Construction and Application of Threat Model Based on Adversarial Attack and Defense Under ISO/IEC 27032

Cheng

Chen

et al. 2022

IEEE Access

View full text Add to dashboard Cite

Research pertaining to threat modeling is significant. However, the existing threat modeling methods suffer from ambiguity, heterogeneity and incompleteness; furthermore, the threat models at different abstraction levels are separated from each other, and the model elements are fragmented. In the knowledge engineering community, an ontology is an explicit specification of a conceptualization. Introducing the ontology method into the study of threat models is an effective way to solve the above problems. This paper creates a multiontology framework for the threat model of information systems (IS) based on domain knowledge (attack and defense knowledge), engineering experience, and industry standards (ISO/IEC 27032). The multiontology framework includes a generalized ontology (GO), a domain ontology (DO), and an application ontology (AO). This paper builds the ontology of each layer and ultimately presents case studies. The results show that the multiontology threat model based on adversarial attack and defense effectively solves the above problems of the existing threat modeling methods. In addition, systematic threat modeling using the multiontology method can be used not only for attack pathbased threat analysis but also for adversarial attack and defense-based threat analysis. This method can help detect security issues and effectively guide security personnel.

show abstract

Section: Threat Ontology Constructionmentioning

confidence: 99%

Section: Threat Ontology Constructionmentioning

confidence: 99%