Abstract: To improve cyber threat analysis practices in cybersecurity, I present a plan to build a formal ontological representation of state actors in cyberspace and of cyber operations. I argue that modelling these phenomena via ontologies allows for coherent integration of data coming from diverse sources, automated reasoning over such data, and the extraction and reuse of intelligence from them. Existing ontological tools in cybersecurity can be improved by connecting them to neighboring domains such as law, regulations, governmental institutions, and documents. In this paper, I propose metrics to evaluate existing ontological tools for creating formal representations in the cybersecurity domain, and I provide a plan to develop and extend them where they are lacking.
What problem does this paper attempt to address?
The core problem that this paper attempts to solve is: **How to enhance data-sharing and analysis practices in cyber threat intelligence by constructing formal ontological representations, especially for state actors in cyberspace and their operations**.
Specifically, the author proposes an ontology-based method aimed at:
1. **Integrating data from different sources**: By creating a unified semantic framework, data from different fields (such as cybersecurity, laws, regulations, government agencies and documents) can be consistently integrated and queried.
2. **Automated reasoning and intelligence extraction**: Use the ontology for automated reasoning, so as to extract useful intelligence from large amounts of heterogeneous data and support automated decision-making.
3. **Improving cyber threat analysis practices**: By formally representing state actors in cyberspace and their activities, help identify potential cyber attacks, assess risks, and formulate response strategies.
To achieve these goals, the author proposes the following research questions and their sub-questions:
- **Can ontology be used to represent cyberspace, the state and private actors in it, the laws, regulations, values and goals that permeate it, and cyber operations and their interactions?**
- This requires defining and formalizing key concepts in cyberspace, such as information processing, information sharing, malicious actors and cyber attacks.
- At the same time, it is also necessary to explore fields adjacent to cybersecurity, such as digital sovereignty, data ownership, cyber war and legal compliance.
- **Can this ontological representation be used to support cyber threat analysis practices and provide data for training and validating mathematical models, simulations and AI applications?**
- It is necessary to determine how to represent cyber attacks and the related regulations and rights in knowledge-graph form, so that these phenomena can be queried across different data sources.
- It is also necessary to explore how to automate and integrate the various intelligence and data-analysis tasks involved in threat intelligence.
In addition, the author discusses specific development methods and technical paths, including reusing existing ontological resources (such as BFO and CCO) and combining them with vocabularies such as MITRE's ATT&CK and D3FEND, to ensure that the constructed ontology has both wide applicability and sufficient technical depth.
In conclusion, the goal of this paper is to improve the processing capacity and efficiency of cyber threat intelligence by constructing a comprehensive and interconnected ontological framework, especially in cases involving state actors.
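To make the knowledge-graph idea concrete, the following added example (my illustration, not code from the paper or from BFO, CCO, ATT&CK or D3FEND) merges constructed facts from three "sources" (threat intelligence, the ATT&CK vocabulary, and a legal domain) into one triple store, forward-chains a few rules to a fixpoint, and then answers a cross-domain query. The `ex:` and `cco:` names, the actor, operation, asset, jurisdiction and regulation identifiers, and the rules themselves are assumptions; `attack:T1566` is ATT&CK's Phishing technique.

```python
# Constructed facts merging threat intel, ATT&CK and law; ex:/cco: names are placeholders, attack:T1566 is ATT&CK Phishing.
FACTS = {
    ("ex:ActorA", "rdf:type", "cco:StateActor"),
    ("ex:ActorA", "ex:conducts", "ex:OpX"),
    ("ex:OpX", "rdf:type", "ex:CyberOperation"),
    ("ex:OpX", "ex:usesTechnique", "attack:T1566"),
    ("ex:OpX", "ex:targets", "ex:HospitalNet"),
    ("ex:HospitalNet", "ex:locatedIn", "ex:JurisdictionJ"),
    ("ex:JurisdictionJ", "ex:hasRegulation", "ex:RegulationR"),
    ("attack:T1566", "ex:mitigatedBy", "ex:MitigationM"),
}
# Rules as (body patterns, head pattern); terms starting with "?" are variables.
RULES = [
    # An operation targeting an asset in a jurisdiction is subject to that jurisdiction's regulation.
    ([("?op", "ex:targets", "?a"), ("?a", "ex:locatedIn", "?j"), ("?j", "ex:hasRegulation", "?r")],
     ("?op", "ex:subjectTo", "?r")),
    # The actor conducting a regulated operation is accountable under the same regulation.
    ([("?x", "ex:conducts", "?op"), ("?op", "ex:subjectTo", "?r")], ("?x", "ex:accountableUnder", "?r")),
    # Link an operation to defensive measures through the techniques it uses.
    ([("?op", "ex:usesTechnique", "?t"), ("?t", "ex:mitigatedBy", "?m")], ("?op", "ex:counteredBy", "?m")),
]

def match(store, patterns, binding=None):
    """Yield every variable binding that satisfies all patterns (a minimal SPARQL-style join)."""
    binding = binding or {}
    if not patterns:
        yield binding
        return
    for triple in store:
        b, ok = dict(binding), True
        for term, value in zip(patterns[0], triple):
            ok = b.setdefault(term, value) == value if term.startswith("?") else term == value
            if not ok:
                break
        if ok:
            yield from match(store, patterns[1:], b)

def infer(facts, rules=RULES):
    """Forward-chain the rules to a fixpoint; returns explicit plus derived triples."""
    store = set(facts)
    while True:
        new = {tuple(b.get(t, t) for t in head) for body, head in rules for b in match(store, body)}
        if new <= store:
            return store
        store |= new

def regulations_for(actor, store):
    """Query across the merged graph: under which regulations is this actor accountable?"""
    return sorted(b["?r"] for b in match(store, [(actor, "ex:accountableUnder", "?r")]))
```

The accountability triple is never stated in any source; it only exists because the legal facts and the threat-intelligence facts share identifiers and the rules chain across them, which is the integration-and-reasoning benefit the paper argues for.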