Haifeng Zhou,Chunming Wu,Ming Jiang,Boyang Zhou,Wen Gao,Tingting Pan,Min Huang

DOI: https://doi.org/10.1109/mcom.2015.7081074

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:The past few years have witnessed revolutionary advances in network technology. Along with new techniques such as SDN come lots of new network security challenges. Conventional network security mechanisms are incompetent to overcome these challenges, since they are built on a static network configuration that facilitates attackers in finding the weaknesses of a network. In this article, we conceive a novel conceptual network security mechanism, the evolving defense mechanism (EDM), to resolve current and future security problems. EDM is based on a bio-inspired idea of network configuration variations. According to the security requirements of the system, the user, and the network security state, EDM selects an efficient network configuration variation strategy to prevent corresponding security threats. Combined with SDN implementation, EDM resolves security problems from a new angle and is capable of evolving with new network security technology. We sketch a way to implement EDM and present its reference framework, which serves as an ecosystem and coexisting environment for various kinds of network configuration variations. The proposed mechanism avoids the deficiency of conventional mechanisms and has potential to cope with emerging security threats.

Muhammad Shoaib Farooq,Muhammad Talha Waseem

DOI: https://doi.org/10.48550/arXiv.2306.00377

2023-06-01

Abstract:Cyber Security is one of the most arising disciplines in our modern society. We work on Cybersecurity domain and in this the topic we chose is Cyber Security Ontologies. In this we gather all latest and previous ontologies and compare them on the basis of different analyzing factors to get best of them. Reason to select this topic is to assemble different ontologies from different era of time. Because, researches that included in this SLR is mostly studied single ontology. If any researcher wants to study ontologies, he has to study every single ontology and select which one is best for his research. So, we assemble different types of ontology and compare them against each other to get best of them. A total 24 papers between years 2010-2020 are carefully selected through systematic process and classified accordingly. Lastly, this SLR have been presented to provide the researchers promising future directions in the domain of cybersecurity ontologies.

Cryptography and Security,Artificial Intelligence,Computation and Language

Weiwu Ren,Liang Hu,Kuo Zhao,Bing Jia

DOI: https://doi.org/10.4028/www.scientific.net/amr.694-697.2466

2013-01-01

Advanced Materials Research

Abstract:Semantic modeling has become indispensable to integrate various specific security issues of Internet of Things. How to describe attack scenarios and how to define an intrusion unambiguously has been an urgent problem. For solving two above problems, a new three-level information security ontology model is proposed, which is an initial attempt to solve security issues by means of ontology technology. Five top classes are proposed in the domain ontology level. Then their subclasses are also proposed on the basis of actual scenarios in the local ontology level. Our intelligent laboratory, as experiment scenarios, is partly instantiated.

Loredana Mocean,Miranda-Petronella Vlad

DOI: https://doi.org/10.2478/raft-2024-0017

2024-06-01

Land Forces Academy Review

Abstract:Abstract In this paper we propose a cybersecurity ontology model designed for universities, aiming to facilitate the management and protection of sensitive data and information within the context of the growing cybersecurity threats. The proposed ontology includes four distinct hierarchical levels: the basic level, the conceptual level, the instance level and the relationships level. At the basic level, it defines essential terms and principles of cybersecurity, including concepts like vulnerability, threat, cyber-attack, security policies and security rules. At the conceptual level, the ontology categorizes information and cybersecurity systems, embracing domains such as data protection, authentication, authorization, and auditing. At the instance level, the ontology describes specific examples of information and cybersecurity systems used in universities, such as the library management system or the accounting management system. At the relationships level, the ontology establishes links between different categories of information and cybersecurity systems, as well as between these systems and the entities that use them, such as students, professors and administrative staff. By implementing this cybersecurity ontology, universities can improve the management and protection of their sensitive data and information, as well as respond more efficiently to cybersecurity threats.

Tong Li,Xiaowei Wang,Yeming Ni

DOI: https://doi.org/10.1016/j.is.2020.101699

IF: 3.18

2022-02-01

Information Systems

Abstract:<p>Along with the rapid development of socio-technical systems, people are playing an increasingly important role in information system and have actually become an essential system component. However, unlike technology-based attacks that have been investigated for decades, social engineering attacks have not been efficiently addressed. In particular, due to the interdisciplinary nature of social engineering, there is a lack of consensus on its definition, hindering the further development of this research field. In this paper, we propose a comprehensive and fundamental ontology of social engineering based on a systematic review of existing social engineering taxonomies and ontologies in order to provide a theoretical foundation for social engineering analysis. The essential contributions of this paper include: (1) propose a comprehensive ontology of social engineering and precisely specify ontological definitions of its essential concepts based on Situation Calculus; (2) enumerate and summarize a set of social engineering techniques and present their fine-grained classification based on the proposed ontology; (3) incorporate psychology and sociology knowledge into social engineering analysis, encapsulating such knowledge in terms of a formalized ontology. We have evaluated our ontology based on a set of real social engineering attacks, the results of which show the usefulness of our proposal.</p>

computer science, information systems

Giacomo De Colle

2024-08-03

Abstract:To improve cyber threat analysis practices in cybersecurity, I present a plan to build a formal ontological representation of state actors in cyberspace and of cyber operations. I argue that modelling these phenomena via ontologies allows for coherent integration of data coming from diverse sources, automated reasoning over such data, as well as intelligence extraction and reuse from and of them. Existing ontological tools in cybersecurity can be ameliorated by connecting them to neighboring domains such as law, regulations, governmental institutions, and documents. In this paper, I propose metrics to evaluate currently existing ontological tools to create formal representations in the cybersecurity domain, and I provide a plan to develop and extend them when they are lacking.

Cryptography and Security,Artificial Intelligence,Logic in Computer Science

Lucía Prieto Santamaría,David Fernández Lobón,Antonio Díaz-Honrubia,Ernestina Ruiz,Sokratis Nifakos,Alejandro Rodríguez-González,Antonio Jesús Díaz-Honrubia,Ernestina Menasalvas Ruiz

DOI: https://doi.org/10.1055/s-0041-1735621

IF: 1.8

2021-10-05

Methods of Information in Medicine

Abstract:Abstract Objectives The aim of the study is to design an ontology model for the representation of assets and its features in distributed health care environments. Allow the interchange of information about these assets through the use of specific vocabularies based on the use of ontologies. Methods Ontologies are a formal way to represent knowledge by means of triples composed of a subject, a predicate, and an object. Given the sensitivity of network assets in health care institutions, this work by using an ontology-based representation of information complies with the FAIR principles. Federated queries to the ontology systems, allow users to obtain data from multiple sources (i.e., several hospitals belonging to the same public body). Therefore, this representation makes it possible for network administrators in health care institutions to have a clear understanding of possible threats that may emerge in the network. Results As a result of this work, the “Software Defined Networking Description Language—CUREX Asset Discovery Tool Ontology” (SDNDL-CAO) has been developed. This ontology uses the main concepts in network assets to represent the knowledge extracted from the distributed health care environments: interface, device, port, service, etc. Conclusion The developed SDNDL-CAO ontology allows to represent the aforementioned knowledge about the distributed health care environments. Network administrators of these institutions will benefit as they will be able to monitor emerging threats in real-time, something critical when managing personal medical information.

health care sciences & services,computer science, information systems,medical informatics

M. Fuentes-García,J. Camacho,G. Maciá-Fernández

DOI: https://doi.org/10.1109/ACCESS.2021.3067106

IF: 3.9

IEEE Access

Abstract:Network Security Monitoring (NSM) is a popular term to refer to the detection of security incidents by monitoring the network events. An NSM system is central for the security of current networks, given the escalation in sophistication of cyberwarfare. In this paper, we review the state-of-the-art in NSM, and derive a new taxonomy of the functionalities and modules in an NSM system. This taxonomy is useful to assess current NSM deployments and tools for both researchers and practitioners. We organize a list of popular tools according to this new taxonomy, and identify challenges in the application of NSM in modern network deployments, like Software Defined Network (SDN) and Internet of Things (IoT).

Engineering,Computer Science

Shuning Hou,Xiuzhen Chen,Jin Ma,Zhihong Zhou,Haiyang Yu

DOI: https://doi.org/10.3389/fenrg.2022.928919

IF: 3.4

2022-06-16

Frontiers in Energy Research

Abstract:With the development of automobile intelligence, the security of the Internet of Vehicles has become a key factor that affects the development of intelligent vehicles. However, existing security risk analysis methods for the IoV either focus only on certain levels, such as the component level, or perform only a static analysis. This paper proposes a dynamic attack graph generation method for the IoV to identify and visually display the security risks caused by the associated vulnerabilities in an IoV system. First, using the actual architecture of the IoV, this paper shows how to model the security elements and their relationships in the IoV system and proposes a network security ontology model for this system. Second, it shows how to construct a reasoning rule base according to the causal relationship between the vulnerabilities using the Semantic Web Rule Language Finally, in view of the rapid change in the network topology of the IoV, a dynamic attack graph generation algorithm based on an ontology reasoning engine is proposed, which can effectively reduce the overhead caused by the changes in the attack graph. The effectiveness of the algorithm is demonstrated through an actual security event scenario and a constructed scenario. The experimental results show that the algorithm can dynamically and accurately display the network attack graph of the IoV. The proposed method is helpful in globally analyzing the threat caused by the combined exploitation of the vulnerabilities in an IoV system and risk management.

energy & fuels

Juan Ye,Lorcan Coyle,Simon Dobson,Paddy Nixon

DOI: https://doi.org/10.1017/S0269888907001208

2007-01-01

Abstract:Pervasive computing is by its nature open and extensible, and must integrate the information from a diverse range of sources. This leads to a problem of information exchange, so sub-systems must agree on shared representations. Ontologies potentially provide a well-founded mechanism for the representation and exchange of such structured information. A number of ontologies have been developed specifically for use in pervasive computing, none of which appears to cover adequately the space of concerns applicable to application designers. We compare and contrast the most popular ontologies, evaluating them against the system challenges generally recognized within the pervasive computing community. We identify a number of deficiencies that must be addressed in order to apply the ontological techniques successfully to next-generation pervasive systems.

Dandan Wu,Jie Chen,Ruiyun Xie,Ke Chen

DOI: https://doi.org/10.1631/fitee.2300662

IF: 2.526

2024-10-01

Frontiers of Information Technology & Electronic Engineering

Abstract:The construction of an integrated solution for cyberspace defense with dynamic, flexible, and intelligent features is a new idea. To solve the problem whereby traditional static protection methods cannot respond to various network attacks or security demands in an adversarial network environment in time, and to form a complete integrated solution from "threat discovery" to "decision-making generation," we propose an ontology-based security model, OntoCSD, for an integrated solution of cyberspace defense that uses Web ontology language (OWL) to represent the ontology classes and relationships of threat monitoring, decision-making, response, and defense in cyberspace, and uses semantic Web rule language (SWRL) to design the defensive reasoning rules. OntoCSD can discover potential relationships among network attacks, vulnerabilities, the security state, and defense strategies. Further, an artificial intelligence (AI) expert system based on case-based reasoning (CBR) is used to quickly generate a detailed and comprehensive decision-making scheme. Finally, through Kendall's coefficient of concordance ( W ) and four experimental cases in a typical computer network defense (CND) system, which reasons on represented facts and the ontology, OntoCSD's consistency and its feasibility to solve the issues in the field of cyberspace defense are validated. OntoCSD supports automatic association and reasoning, and provides an integrated solution framework of cyberspace defense.

engineering, electrical & electronic,computer science, information systems, software engineering

Kulsoom S. Bughio,David M. Cook,Syed Afaq A. Shah

DOI: https://doi.org/10.3390/s24092804

IF: 3.9

2024-04-28

Sensors

Abstract:IoT has seen remarkable growth, particularly in healthcare, leading to the rise of IoMT. IoMT integrates medical devices for real-time data analysis and transmission but faces challenges in data security and interoperability. This research identifies a significant gap in the existing literature regarding a comprehensive ontology for vulnerabilities in medical IoT devices. This paper proposes a fundamental domain ontology named MIoT (Medical Internet of Things) ontology, focusing on cybersecurity in IoMT (Internet of Medical Things), particularly in remote patient monitoring settings. This research will refer to similar-looking acronyms, IoMT and MIoT ontology. It is important to distinguish between the two. IoMT is a collection of various medical devices and their applications within the research domain. On the other hand, MIoT ontology refers to the proposed ontology that defines various concepts, roles, and individuals. MIoT ontology utilizes the knowledge engineering methodology outlined in Ontology Development 101, along with the structured life cycle, and establishes semantic interoperability among medical devices to secure IoMT assets from vulnerabilities and cyberattacks. By defining key concepts and relationships, it becomes easier to understand and analyze the complex network of information within the IoMT. The MIoT ontology captures essential key terms and security-related entities for future extensions. A conceptual model is derived from the MIoT ontology and validated through a case study. Furthermore, this paper outlines a roadmap for future research, highlighting potential impacts on security automation in healthcare applications.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Daniele Bringhenti,Guido Marchetto,Riccardo Sisto,Fulvio Valenza

DOI: https://doi.org/10.1145/3616401

IF: 16.6

2023-08-17

ACM Computing Surveys

Abstract:The size and complexity of modern computer networks are progressively increasing, as a consequence of novel architectural paradigms such as the Internet of Things and network virtualization. Consequently, a manual orchestration and configuration of network security functions is no more feasible, in an environment where cyber attacks can dramatically exploit breaches related to any minimum configuration error. A new frontier is then the introduction of automation in network security configuration, i.e., automatically designing the architecture of security services and the configurations of network security functions, such as firewalls, VPN gateways, etc. This opportunity has been enabled by modern computer networks technologies, such as virtualization. In view of these considerations, the motivations for the introduction of automation in network security configuration are first introduced, alongside with the key automation enablers. Then, the current state of the art in this context is surveyed, focusing on both the achieved improvements and the current limitations. Finally, possible future trends in the field are illustrated.

computer science, theory & methods

Charalampos Bratsas,Efstathios Konstantinos Anastasiadis,Alexandros K. Angelidis,Lazaros Ioannidis,Rigas Kotsakis,Stefanos Ougiaroglou

DOI: https://doi.org/10.3390/jcp4030025

2024-08-01

Journal of Cybersecurity and Privacy

Abstract:The amount of data related to cyber threats and cyber attack incidents is rapidly increasing. The extracted information can provide security analysts with useful Cyber Threat Intelligence (CTI) to enhance their decision-making. However, because the data sources are heterogeneous, there is a lack of common representation of information, rendering the analysis of CTI complicated. With this work, we aim to review ongoing research on the use of semantic web tools such as ontologies and Knowledge Graphs (KGs) within the CTI domain. Ontologies and KGs can effectively represent information in a common and structured schema, enhancing interoperability among the Security Operation Centers (SOCs) and the stakeholders on the field of cybersecurity. When fused with Machine Learning (ML) and Deep Learning (DL) algorithms, the constructed ontologies and KGs can be augmented with new information and advanced inference capabilities, facilitating the discovery of previously unknown CTI. This systematic review highlights the advancements of this field over the past and ongoing decade and provides future research directions.

computer science, information systems, interdisciplinary applications, software engineering

Yassine Maleh,Youssef Qasmaoui,Khalid El Gholami,Yassine Sadqi,Soufyane Mounir

DOI: https://doi.org/10.1007/s40860-022-00171-8

2022-02-08

Journal of Reliable Intelligent Environments

Abstract:Nowadays, security threats on Software Defined Network SDN architectures are similar to traditional networks. However, the profile of these threats changes with SDN. For example, a denial-of-service attack on a centralized controller that manages a large network of several network devices (routers, switches, etc.) is more destructive than a targeted attack against a router. A spoofed SDN controller could allow a hacker to control an entire network, while a spoofed router could only harm the proper functioning of the traffic routed through that router. The SDN is facing these new security challenges, especially on securing the SDN architecture itself. SDN security is ensured at all these levels based on three-layer architecture and programming interfaces, which poses several challenges. The SDN’s security challenges are expected to grow with the progressive deployment. This paper aims to provide a comprehensive review of state of the art, accompanied by categorizing the research literature into a taxonomy that highlights each proposal’s main characteristics and contributions to the SDN&#x27;s different layers. Based on the analysis of existing work, we also highlight key research gaps that could support future research in this area.

Andrei Brazhuk

2023-03-20

Abstract:For a long time threat modeling was treated as a manual, complicated process. However modern agile development methodologies and cloud computing technologies require adding automatic threat modeling approaches. This work considers two challenges: creating a set of machine-readable data flow diagrams that represent real cloud based applications; and usage domain specific knowledge for automatic analysis of the security aspects of such applications. The set of 180 semantic diagrams (ontologies and knowledge graphs) is created based on cloud configurations (Docker Compose); the set includes a manual taxonomy that allows to define the design and functional aspects of the web based and data processing applications; the set can be used for various research in the threat modeling field. This work also evaluates how ontologies and knowledge graphs can be used to automatically recognize patterns (mapped to security threats) in diagrams. A pattern represents features of a diagram in form of a request to a knowledge base, what enables its recognition in a semantic representation of a diagram. In an experiment four groups of the patterns are created (web applications, data processing, network, and docker specific), and the diagrams are examined by the patterns. Automatic results, received for the web applications and data processing patterns, are compared with the manual taxonomy in order to study challenges of automatic threat modeling.

Cryptography and Security,Artificial Intelligence

Ítalo Oliveira,Tiago Prince Sales,João Paulo A. Almeida,Riccardo Baratella,Mattia Fumagalli,Giancarlo Guizzardi

DOI: https://doi.org/10.1007/s10270-024-01149-1

2024-02-17

Software & Systems Modeling

Abstract:Enterprise Risk Management involves the process of identification, evaluation, treatment, and communication regarding risks throughout the enterprise. To support the tasks associated with this process, several frameworks and modeling languages have been proposed, such as the Risk and Security Overlay (RSO) of ArchiMate. An ontological investigation of this artifact would reveal its adequacy, capabilities, and limitations w.r.t. the domain of risk and security. Based on that, a language redesign can be proposed as a refinement. Such analysis and redesign have been executed for the risk elements of the RSO grounded in the Common Ontology of Value and Risk . The next step along this line of research is to address the following research problems: What would be the outcome of an ontological analysis of security-related elements of the RSO? That is, can we identify other semantic deficiencies in the RSO through an ontological analysis? Once such an analysis is provided, can we redesign the security elements of the RSO accordingly, in order to produce an improved artifact? Here, with the aid of the Reference Ontology for Security Engineering (ROSE) and the ontological theory of prevention behind it, we address the remaining gap by proceeding with an ontological analysis of the security-related constructs of the RSO. The outcome of this assessment is an ontology-based redesign of the ArchiMate language regarding security modeling. In a nutshell, we report the following contributions: (1) an ontological analysis of the RSO that identifies six limitations concerning security modeling; (2) because of the key role of the notion of prevention in security modeling, the introduction of the ontological theory of prevention in ArchiMate; (3) a well-founded redesign of security elements of ArchiMate; and (4) ontology-based security modeling patterns that are logical consequences of our proposal of redesign due to its underlying ontology of security. As a form of evaluation, we show that our proposal can describe risk treatment options, according to ISO 31000. Finally, besides presenting multiple examples, we proceed with a real-world illustrative application taken from the cybersecurity domain.

computer science, software engineering

Vasileios Mavroeidis,Siri Bromander

DOI: https://doi.org/10.1109/EISIC.2017.20

2023-08-28

Abstract:Cyber threat intelligence is the provision of evidence-based knowledge about existing or emerging threats. Benefits from threat intelligence include increased situational awareness, efficiency in security operations, and improved prevention, detection, and response capabilities. To process, correlate, and analyze vast amounts of threat information and data and derive intelligence that can be shared and consumed in meaningful times, it is required to utilize structured, machine-readable formats that incorporate the industry-required expressivity while at the same time being unambiguous. To a large extent, this is achieved with technologies like ontologies, schemas, and taxonomies. This research evaluates the coverage and high-level conceptual expressivity of cyber-threat-intelligence-relevant ontologies, sharing standards, and taxonomies pertaining to the who, what, why, where, when, and how elements of threats and attacks in addition to courses of action and technical indicators. The results confirm that little emphasis has been given to developing a comprehensive cyber threat intelligence ontology, with existing efforts being not thoroughly designed, non-interoperable, ambiguous, and lacking proper semantics and axioms for reasoning.

Cryptography and Security

Omerah Yousuf,Roohie Naaz Mir

DOI: https://doi.org/10.1108/ICS-07-2018-0084

2019-10-07

Information and Computer Security

Abstract:Internet of Things (IoT) is a challenging and promising system concept and requires new types of architectures and protocols compared to traditional networks. Security is an extremely critical issue for IoT that needs to be addressed efficiently. Heterogeneity being an inherent characteristic of IoT gives rise to many security issues that need to be addressed from the perspective of new architectures such as software defined networking, cryptographic algorithms, federated cloud and edge computing. The paper analyzes the IoT security from three perspectives: three-layer security architecture, security issues at each layer and security countermeasures. The paper reviews the current state of the art, protocols and technologies used at each layer of security architecture. The paper focuses on various types of attacks that occur at each layer and provides the various approaches used to countermeasure such type of attacks. The data exchanged between the different devices or applications in the IoT environment are quite sensitive; thus, the security aspect plays a key role and needs to be addressed efficiently. This indicates the urgent needs of developing general security policy and standards for IoT products. The efficient security architecture needs to be imposed but not at the cost of efficiency and scalability. The paper provides empirical insights about how the different security threats at each layer can be mitigated. The paper fulfills the need of having an extensive and elaborated survey in the field of IoT security, along with suggesting the countermeasures to mitigate the threats occurring at each level of IoT protocol stack.

Romil Rawat

DOI: https://doi.org/10.1007/s41870-022-00934-9

2022-05-02

International Journal of Information Technology

Abstract:The backbone of the semantic web is ontology, dealing with the context of details associated with a specific domain. Domain ontology (DO) is an important source of information for knowledge-based systems. Nonetheless, developing DO is a time-consuming procedure that is heavily reliant on the developer&#x27;s expertise. Here, a novel semi-automated technique for creating Ontologies in the terrorism domain is suggested. Terrorism actions provide critical information that can be used to improve a country&#x27;s security system. To obtain the most up-to-date knowledge of the domain, online social network (OSN) data, specifically Twitter text data, is retrieved, and then concepts and associated relationships are recognized and mapped through formal concept analysis (FCA). The fluent editor tool (FET) displays a number of user-defined associations. Knowledge is also extracted using a query-based approach and a reasoner window in the FET. The created DO is broadcast on the web using an ontology web language (OWL) that may be used in a variety of other applications. The suggested work is notable because it creates broad-coverage DO for the terrorist domain using a tool called Fluent Editor (FE) instead of the typical tool (protégé), and semantic information is retrieved with 100% correctness, similar to a query-based search system (QBS).