A Study on Ontologies of Vulnerabilities and Attacks on VLAN (original) (raw)

Ontologies for Network Security and Future Challenges

12th International Conference on Cyber Warfare and Security - ICCWS 2017, 2017

Efforts have been recently made to construct ontologies for network security. The proposed ontologies are related to specific aspects of network security. Therefore, it is necessary to identify the specific aspects covered by existing ontologies for network security. A review and analysis of the principal issues, challenges, and the extent of progress related to distinct ontologies was performed. Each example was classified according to the typology of the ontologies for network security. Some aspects include identifying threats, intrusion detection systems (IDS), alerts, attacks, countermeasures, security policies, and network management tools. The research performed here proposes the use of three stages: 1. Inputs; 2. Processing; and 3. Outputs. The analysis resulted in the introduction of new challenges and aspects that may be used as the basis for future research. One major issue that was discovered identifies the need to develop new ontologies that relate to distinct aspects of network security, thereby facilitating management tasks. Ontologies for Network Security and Future Challenges. Available from: https://www.researchgate.net/publication/315881325\_Ontologies\_for\_Network\_Security\_and\_Future\_Challenges [accessed Sep 8, 2017].

An Ontology for Network Security Attacks

Asian Applied Computing Conference, 2004

We first consider network security services and then review threats, vulnerabilities and failure modes. This review is based on standard texts, using well-known concepts, categorizations, and methods, e.g. risk analysis using asset-based threat profiles and vulnerability profiles (attributes). The review is used to construct a framework which is then used to define an extensible ontology for network security attacks. We

A Computer Network Attack Taxonomy and Ontology

International Journal of Cyber Warfare and Terrorism, 2012

Computer network attacks differ in the motivation of the entity behind the attack, the execution and the end result. The diversity of attacks has the consequence that no standard classification exists. The benefit of automated classification of attacks, means that an attack could be mitigated accordingly.The authors extend a previous, initial taxonomy of computer network attackswhichforms the basis of a proposed network attack ontology in this paper. The objective of this ontology is to automate the classification of a network attack during its early stages.

Cybersecurity Ontology for Critical Infrastructures

2017

The number and frequency of hacker attacks on critical infrastructures like waterworks, government institutions, airports increase. The Cybersecurity of critical infrastructure is a complex topic with. A plenthora of requirements, measures from the BSI and the NIST as well as vulnerabilities that needs to be considered. This paper describes the ontology for IT-Security of critical infrastructures that combines the aforementioned requirements to give critical infrastructures a kind of guideline or roadmap for security and safety measures in order to preventively protect critical infrastructures of hacker attacks.

A Formalised Ontology for Network Attack Classification

One of the most popular attack vectors against computers are their network connections. Attacks on computers through their networks are commonplace and have various levels of complexity. This research formally describes network-based computer attacks in the form of a story, formally and within an ontology. The ontology categorises network attacks where attack scenarios are the focal class. This class consists of: Denial-of- Service, Industrial Espionage, Web Defacement, Unauthorised Data Access, Financial Theft, Industrial Sabotage, Cyber-Warfare, Resource Theft, System Compromise, and Runaway Malware. This ontology was developed by building a taxonomy and a temporal network attack model. Network attack instances (also know as individuals) are classified according to their respective attack scenarios, with the use of an automated reasoner within the ontology. The automated reasoner deductions are veri ed formally; and via the automated reasoner, a relaxed set of scenarios is determi...

Classifying network attack scenarios using an Ontology

2012

This paper presents a methodology using network attack ontology to classify computerbased attacks. Computer network attacks differ in motivation, execution and end result. Because attacks are diverse, no standard classification exists. If an attack could be classified, it could be mitigated accordingly. A taxonomy of computer network attacks forms the basis of the ontology. Most published taxonomies present an attack from either the attacker's or defender's point of view. This taxonomy presents both views. The main taxonomy classes are: Actor, Actor Location, Aggressor, Attack Goal, Attack Mechanism, Attack Scenario, Automation Level, Effects, Motivation, Phase, Scope and Target. The "Actor" class is the entity executing the attack. The "Actor Location" class is the Actor"s country of origin. The "Aggressor" class is the group instigating an attack. The "Attack Goal" class specifies the attacker"s goal. The "Attack Mechanism" class defines the attack methodology. The "Automation Level" class indicates the level of human interaction. The "Effects" class describes the consequences of an attack. The "Motivation" class specifies incentives for an attack. The "Scope" class describes the size and utility of the target. The "Target" class is the physical device or entity targeted by an attack. The "Vulnerability" class describes a target vulnerability used by the attacker. The "Phase" class represents an attack model that subdivides an attack into different phases.

Conceptual Characterization of Cybersecurity Ontologies

2020

Cybersecurity is known as the practice of protecting systems from digital attacks. Organizations are seeking efficient solutions for the management and protection of their assets. It is a complex issue, especially for great enterprises, because it requires an interdisciplinary approach. The kinds of problems enterprises must deal with and this domain complexity induces misinterpretations and misunderstandings about the concepts and relations in question. This article focus on dealing with Cybersecurity from an ontological perspective. The first contribution is a search of previously existing works that have defined Cybersecurity Ontologies. The paper describes the process to search these works. The second contribution of the paper is the definition of characteristics to classify the papers of Cybersecurity Ontologies previously found. This classification aims to compare the previous works with the same criteria. The third contribution of the paper is the analysis of the results of the comparison of previous works in the field of Cybersecurity Ontologies. Moreover, the paper discusses the gaps found and proposes good practice actions in Ontology Engineering for this domain. The article ends with some next steps proposed in the evolution towards a pragmatic and iterative solution that meets the needs of organizations.

Use of Ontologies for the Definition of Alerts and Policies in a Network Security Platform

Journal of Networks, 2009

A quick and efficient reaction to an attack is important to address the evolution of security incidents in current communication networks. The ReD (Reaction after Detection) project's aim is to design solutions that enhance the detection/reaction security process. This will improve the overall resilience of IP networks to attacks, helping telecommunication and service providers to maintain sufficient quality of service to comply with service level agreements. A main component within this project is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontologybased methodology for the instantiation of these security policies. This approach provides a way to map alerts into attack contexts, which are later used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings. These ontologies are semantic representations of IDMEF alerts and ORBAC policies. Finally, this approach is applied in a Voice over IP use case, illustrating the mapping process.

Developing an Ontology of the Cyber Security Domain

2012

This paper reports on a trade study we performed to support the development of a Cyber ontology from an initial malware ontology. The goals of the Cyber ontology effort are first described, followed by a discussion of the ontology development methodology used. The main body of the paper then follows, which is a description of the potential ontologies and standards that could be utilized to extend the Cyber ontology from its initially constrained malware focus. These resources include, in particular, Cyber and malware standards, schemas, and terminologies that directly contributed to the initial malware ontology effort. Other resources are upper (sometimes called 'foundational') ontologies. Core concepts that any Cyber ontology will extend have already been identified and rigorously defined in these foundational ontologies. However, for lack of space, this section is profoundly reduced. In addition, utility ontologies that are focused on time, geospatial, person, events, and ...

ThreMA: Ontology-Based Automated Threat Modeling for ICT Infrastructures

IEEE Access

Threat Modelling allows defenders to identify threats to which the target system is exposed. Such a process requires a detailed infrastructure analysis to map threats to assets and to identify possible flaws. Unfortunately, the process is still mostly done manually and without the support of formally sound approaches. Moreover, Threat Modelling often involves teams with different levels of security knowledge, leading to different possible interpretation in the system under analysis representation. Threat modelling automation comes with two main challenges: (i) the need for a standard representation of models and data used in various stages of the process, establishing a formal vocabulary for all involved parties, and (ii) the requirement for a well-defined inference rule set enabling reasoning process automation for threat identification. The paper presents the ThreMA approach to automating threat modelling for ICT infrastructures, aiming at addressing the key automation issues through the use of ontologies. Specifically, a formal vocabulary for modelling an ICT infrastructure, a threat catalog and a set of inference rules needed to support the reasoning process for threat identification are provided. The proposed approach has been validated against actual significant case studies provided by different Stakeholders of the Italian Public Sector.