82,804 research outputs found

    Predicting Network Attacks Using Ontology-Driven Inference

    Graph knowledge models and ontologies are very powerful modeling and reasoning tools. We propose an effective approach to model network attacks and attack prediction, which plays an important role in security management. The goals of this study are: First, we model network attacks, their prerequisites and consequences using knowledge representation methods in order to provide description logic reasoning and inference over attack domain concepts. Secondly, we propose an ontology-based system which predicts potential attacks using inference and observing information provided by sensory inputs. We generate our ontology and evaluate corresponding methods using CAPEC, CWE, and CVE hierarchical datasets. Results from experiments show significant capability improvements compared to traditional hierarchical and relational models. The proposed method also reduces false alarms and improves intrusion detection effectiveness. Comment: 9 pages

    Constructing Enterprise Information Network Security Risk Management Mechanism by Ontology

    With the prosperous development of information technology and the Internet, enterprises have changed the management of the supply chain to a modern technological approach. Also, as the characteristics of information crime have become unremitting, the protection of the invaluable information assets in the supply chain is facing more rigorous challenges. How can an expensive security mechanism be assessed as to whether it conforms to its function and serves the core objectives of the enterprise? The mechanism of this paper is based on the ontology of the Unified Problem-solving Method Development Language. In this paper, the implementation knowledge of SCM information security risk management is divided into three categories: domain, task, and problem-solving ontologies. The concepts of the knowledge ontology are implemented with the computer tool Protege, programmed into detailed knowledge inference rules using CLIPS, and then used as an inference engine in the JESS expert system to strengthen SCM information security risk management and enhance the security of the enterprise.

    Mapping ISO 27002 into security ontology

    In recent years, due to the increasingly interconnected environment, information is exposed to a growing number of threats and vulnerabilities. Therefore, it is especially important for an organization to have an efficient information security management system. Recently, it has been observed that organisations are looking for standards of best practice for guidance on how to manage their information security infrastructures. In this way, they can demonstrate that their information is adequately secured, and show to their customers and business partners that they can be trusted with the protection of important information. This document presents a methodology for mapping the ISO 27002 standard knowledge to the security ontology, and it is intended for organisations that aim to maintain compliance with it.

    An Ontology-Based Context Model for Managing Security Knowledge in Software Development

    Software security has been the focus of the security community and practitioners over the past decades. Much security information is widely available in books, open literature or on the Internet. We argue that the huge mass of information generated has resulted in a form of information overload for software engineers, who usually finish reading it without being able to apply those principles clearly to their own application context. Our research tackles software security issues from a knowledge management perspective. In this paper, we present an ontology approach to model the knowledge of software security in a context-sensitive manner, supporting software engineers and learners in correlating security domain knowledge with their working context. We also propose a web-based application for security knowledge sharing and learning where the ontology is adopted as the central knowledge repository.

    Toward an efficient ontology-based event correlation in SIEM

    Cooperative intrusion detection uses several intrusion detection systems (IDS) and analyzers in order to build a reliable overview of the monitored system through a central security information and event management system (SIEM). In such an environment, the definition of a shared vocabulary describing the information exchanged between tools is prominent. Since these pieces of information are structured, we propose in this paper to use an ontological representation based on Description Logics (DLs), which is a powerful tool for knowledge representation. Moreover, DLs are able to ensure decidable reasoning. An alert correlation prototype is presented using this ontology, and an illustrative attack scenario is carried out to show the usefulness of the proposed ontology.

    Building Context-Aware Access Control In Enterprise Ontologies

    Knowledge centric management (KCM) has become a key strategy for competitive edge. As an essential part of KCM, an enterprise ontology represents the knowledge of an organization. Thus, the need for securing enterprise ontologies (EO) becomes imperative. Adequate access control is a major component of ontology security. However, access control for EO is largely neglected in the information systems (IS) literature. This paper presents the first research to fill this gap. I propose five requirements for good access-control solutions for EO. The proposed solution offers an architecture framework that meets the five requirements. Semantic Web technology is used to build context-aware access controls into EO. My proposal includes a novel resolution for policy conflicts. This study provides the first design of fine-grained and dynamically-adjusted access authorizations.

    Towards a Cloud-Based Ontology for Service Model Security -- Technical Report

    The adoption of cloud computing has brought significant advancements in the operational models of businesses. However, this shift also brings new security challenges by expanding the attack surface. The services offered in cloud computing have various service models. Each cloud service model has a defined responsibility divided based on the stack layers between the service user and their cloud provider. Regardless of its service model, each service is constructed from sub-components and services running on the underlying layers. In this paper, we aim to enable more transparency and visibility by designing an ontology that links the provider's services with the sub-components used to deliver the service. Such a breakdown of each cloud service's sub-components enables the end user to track vulnerabilities at the service level or in one of its sub-components. Such information can result in a better understanding and management of reported vulnerabilities at the sub-component level and their impact on the services offered by the cloud provider. Our ontology and source code are published as open source and accessible via GitHub: https://github.com/mohkharma/cc-ontology (mohkharma/cc-ontology). Comment: 8 pages

    Medical ontology for treatment of clinical data from children and youth

    The use of information technologies in the field of biomedical data management has grown considerably and is today one of the main fields of use of these technologies. There are several advantages, both to an individual's health and to public health, particularly because clinical data become accessible anywhere via the Internet or an individual health card. This card will contain personal data accessible from a terminal card reader, identical to the citizen card. This work focuses on the development of an ontology with a universal data structure, so that the information is accessible and organized in the same way regardless of the system that uses it. In this context there is a need to incorporate security mechanisms and to respect the ethical principles underlying the management and maintenance of clinical data, ensuring maximum confidentiality. To develop the proposed ontology for the treatment of clinical data of children and youth, the health bulletin used in Portugal is taken as a reference. From this structure follows the clear and unambiguous identification of the fields required for the registration of clinical information, standardized in a relational model. To ensure the confidentiality of the data, the individual is identified only by the national health system number, and personal data such as name, address or contact details are not recorded on the card.