Huangjie Zheng,Yuchen Wang,Chen Han,Fangjie Le,Ruan He,Jialiang Lu

DOI: https://doi.org/10.1109/TrustCom/BigDataSE.2018.00180

2018-01-01

Abstract:In cyber security, the ontology is invented to provide vocabulary in a generalized machine-processable language for downstream works such as attack detection. Meanwhile, machine learning (ML) as a promising intelligent field, is widely investigated to achieve the automation of these tasks. Existing ML-based methods suffer from confines of specific data and preprocessing, while applying ontology with machine learning methods is still rarely discussed. In this paper, 1) we propose a novel approach for automatic attack detection by generating ontology with deep learning through neural network embeddings; 2) we validate the learned ontology by comparing it with a manual ontology built by security expert, the results demonstrates that the latent representation learned with neural networks could serve as a novel ontology format so as to provide a generalized machine-processable language for downstream works, which is the intention of the ontology; 3) finally, we develop a platform to achieve the entire intelligent ontology learning and utilization for cyber attack detection. Our experimental results shows that our proposed ontology is promising to collaborate with machine learning based methods in order to improve the intelligent intrusion detection for cyber security.

Alfred Ka Yiu Wong,Nandan Paranesh,Pradeep Ray

DOI: https://doi.org/10.1142/s0218213006003120

IF: 1.1

2006-01-01

International Journal on Artificial Intelligence Tools

Abstract:In the past decade, ontology has been actively researched in various domains. The different ontological tasks range from simple language modeling in the linguistic domain, to semantic integration in the semantic web, and recently to application-specific tasks such as financial fraud management. We follow the trend and attempt to tackle some of the ontological problems in security management. The most complicated problem out of all is the semantic interoperability problem that is evident in the existence of various types of security elements such as IDS, firewall and virus scanner. Another problem is related to the semantic modeling tasks required for autonomous and intelligent reasoning. Semantic modeling of security events is essential for automatic and intelligent event correlation tasks that analyze semantically the different sources of security information to more accurately present the holistic network security status. We present in this paper a novel and formal ontology mapping approach and security ontology for the supporting and possibly resolution of these problems.

Danny Velasco,Glen Rodriguez

DOI: https://doi.org/10.48550/arXiv.1704.02441

2017-04-08

Cryptography and Security

Abstract:Efforts have been recently made to construct ontologies for network security. The proposed ontologies are related to specific aspects of network security. Therefore, it is necessary to identify the specific aspects covered by existing ontologies for network security. A review and analysis of the principal issues, challenges, and the extent of progress related to distinct ontologies was performed. Each example was classified according to the typology of the ontologies for network security. Some aspects include identifying threats, intrusion detection systems (IDS), alerts, attacks, countermeasures, security policies, and network management tools. The research performed here proposes the use of three stages: 1. Inputs; 2. Processing; and 3. Outputs. The analysis resulted in the introduction of new challenges and aspects that may be used as the basis for future research. One major issue that was discovered identifies the need to develop new ontologies that relate to distinct aspects of network security, thereby facilitating management tasks.

Weiwu Ren,Liang Hu,Kuo Zhao,Bing Jia

DOI: https://doi.org/10.4028/www.scientific.net/amr.694-697.2466

2013-01-01

Advanced Materials Research

Abstract:Semantic modeling has become indispensable to integrate various specific security issues of Internet of Things. How to describe attack scenarios and how to define an intrusion unambiguously has been an urgent problem. For solving two above problems, a new three-level information security ontology model is proposed, which is an initial attempt to solve security issues by means of ontology technology. Five top classes are proposed in the domain ontology level. Then their subclasses are also proposed on the basis of actual scenarios in the local ontology level. Our intelligent laboratory, as experiment scenarios, is partly instantiated.

Liu Fang,Ming Cai,Hao Fu,Jinxiang Dong

DOI: https://doi.org/10.1007/978-3-540-72588-6_168

2007-01-01

Abstract:One method for detecting fraud is to check for suspicious changes in user behavior. This paper proposes a novel method, built upon ontology and ontology instance similarity. Ontology is now widely used to enable knowledge sharing and reuse, so some personality ontologies can be easily used to present user behavior. By measure the similarity of ontology instances, we can determine whether an account is defrauded. This method lows the data model cost and make the system very adaptive to different applications.

Tong Li,Xiaowei Wang,Yeming Ni

DOI: https://doi.org/10.1016/j.is.2020.101699

IF: 3.18

2022-02-01

Information Systems

Abstract:<p>Along with the rapid development of socio-technical systems, people are playing an increasingly important role in information system and have actually become an essential system component. However, unlike technology-based attacks that have been investigated for decades, social engineering attacks have not been efficiently addressed. In particular, due to the interdisciplinary nature of social engineering, there is a lack of consensus on its definition, hindering the further development of this research field. In this paper, we propose a comprehensive and fundamental ontology of social engineering based on a systematic review of existing social engineering taxonomies and ontologies in order to provide a theoretical foundation for social engineering analysis. The essential contributions of this paper include: (1) propose a comprehensive ontology of social engineering and precisely specify ontological definitions of its essential concepts based on Situation Calculus; (2) enumerate and summarize a set of social engineering techniques and present their fine-grained classification based on the proposed ontology; (3) incorporate psychology and sociology knowledge into social engineering analysis, encapsulating such knowledge in terms of a formalized ontology. We have evaluated our ontology based on a set of real social engineering attacks, the results of which show the usefulness of our proposal.</p>

computer science, information systems

Loredana Mocean,Miranda-Petronella Vlad

DOI: https://doi.org/10.2478/raft-2024-0017

2024-06-01

Land Forces Academy Review

Abstract:Abstract In this paper we propose a cybersecurity ontology model designed for universities, aiming to facilitate the management and protection of sensitive data and information within the context of the growing cybersecurity threats. The proposed ontology includes four distinct hierarchical levels: the basic level, the conceptual level, the instance level and the relationships level. At the basic level, it defines essential terms and principles of cybersecurity, including concepts like vulnerability, threat, cyber-attack, security policies and security rules. At the conceptual level, the ontology categorizes information and cybersecurity systems, embracing domains such as data protection, authentication, authorization, and auditing. At the instance level, the ontology describes specific examples of information and cybersecurity systems used in universities, such as the library management system or the accounting management system. At the relationships level, the ontology establishes links between different categories of information and cybersecurity systems, as well as between these systems and the entities that use them, such as students, professors and administrative staff. By implementing this cybersecurity ontology, universities can improve the management and protection of their sensitive data and information, as well as respond more efficiently to cybersecurity threats.

ZHAO Jia-bao,TAN Xiao-jie,JIAO Xiao-cheng,ZHANG Liang

DOI: https://doi.org/10.3969/j.issn.1001-506x.2010.10.28

2010-01-01

Abstract:There are a mass of real-time data sampled from the manufacturing processes of process industry,and it is very important to take the most advantage of these data with suitable and effective methods.It can make the production keep well-balanced,improves the management of production,and alerts people to any danger.Unfortunately,the process data are abstract and lack of readability and intelligibility.Hence an Ontology-based approach is presented for the design and implementation of industrial integrated alarm management systems.First,it is discussed that how to implement an ontology-based method to construct a multilevel knowledge base system that contains detector level,location level and process level alarms.Then an intelligent ontology management sub-system is added to the real-time supervisory system.The reasoning mechanism and integrated interactive interface are shown consequently.Finally,the design and implementation of Ontology-based industrial integrated alarm management systems are introduced and analyzed.An application example is presented to verify the proposed method.

Yun Xiao,Chongzhao Han

2006-01-01

Abstract:Traditional intrusion detection systems (IDSs) focus on low-level attacks and anomalies, and raise alerts independently, though there may be logical connections between them. In this paper, a method of correlating intrusion alerts into attack scenarios based on the improved evolving self-organizing map (IESOM) was proposed. IESOM gives a rational formula to calculate the initial values of connection strengths instead of assigning some experiential or tentative constants as connection strength values in ESOM. IESOM is an evolving extension of the self-organizing map (SOM) model, which allows for an evolvable network structure and very fast incremental learning. System of correlating intrusion alerts into attack scenarios based on IESOM has four functions of filtering, aggregation, condensing and combination, and the visual attack scenarios are given as the output of the system. The results on LLS DDOS1.0 and real-word dataset B prove that our method is useful and effective.

Siva Surya Narayana Chintapalli,Satya Prakash Singh,Jaroslav Frnda,Parameshachari Bidare Divakarachari,Vijaya Lakshmi Sarraju,Przemysław Falkowski-Gilski

DOI: https://doi.org/10.1016/j.heliyon.2024.e29410

IF: 3.776

2024-04-13

Heliyon

Abstract:Currently, the Internet of Things (IoT) generates a huge amount of traffic data in communication and information technology. The diversification and integration of IoT applications and terminals make IoT vulnerable to intrusion attacks. Therefore, it is necessary to develop an efficient Intrusion Detection System (IDS) that guarantees the reliability, integrity, and security of IoT systems. The detection of intrusion is considered a challenging task because of inappropriate features existing in the input data and the slow training process. In order to address these issues, an effective meta heuristic based feature selection and deep learning techniques are developed for enhancing the IDS. The Osprey Optimization Algorithm (OOA) based feature selection is proposed for selecting the highly informative features from the input which leads to an effective differentiation among the normal and attack traffic of network. Moreover, the traditional sigmoid and tangent activation functions are replaced with the Exponential Linear Unit (ELU) activation function to propose the modified Bi-directional Long Short Term Memory (Bi-LSTM). The modified Bi-LSTM is used for classifying the types of intrusion attacks. The ELU activation function makes gradients extremely large during back-propagation and leads to faster learning. This research is analysed in three different datasets such as N-BaIoT, Canadian Institute for Cybersecurity Intrusion Detection Dataset 2017 (CICIDS-2017), and ToN-IoT datasets. The empirical investigation states that the proposed framework obtains impressive detection accuracy of 99.98 %, 99.97 % and 99.88 % on the N-BaIoT, CICIDS-2017, and ToN-IoT datasets, respectively. Compared to peer frameworks, this framework obtains high detection accuracy with better interpretability and reduced processing time.

Xuejun Nie,Jingli Zhou

DOI: https://doi.org/10.1109/ICNSC.2008.4525501

2008-01-01

Abstract:Ontology leaning is a solution to the bottleneck of knowledge acquisition and time-consuming construction of ontologies. In recent years, a lot of research work has been done to design appropriate methods for ontology learning. However, all these methods suffer from some common shortcomings which prevent wide production and usage of ontologies. In this paper, we first analyze the characteristics of these shortcomings and then proposed an ontology learning framework OntoExtractor, which includes seed concept extraction, semantic relationships construction and ontology refinement. As the result shows, this framework could provide good domain adaptability for ontology learning system.

Romil Rawat

DOI: https://doi.org/10.1007/s41870-022-00934-9

2022-05-02

International Journal of Information Technology

Abstract:The backbone of the semantic web is ontology, dealing with the context of details associated with a specific domain. Domain ontology (DO) is an important source of information for knowledge-based systems. Nonetheless, developing DO is a time-consuming procedure that is heavily reliant on the developer&#x27;s expertise. Here, a novel semi-automated technique for creating Ontologies in the terrorism domain is suggested. Terrorism actions provide critical information that can be used to improve a country&#x27;s security system. To obtain the most up-to-date knowledge of the domain, online social network (OSN) data, specifically Twitter text data, is retrieved, and then concepts and associated relationships are recognized and mapped through formal concept analysis (FCA). The fluent editor tool (FET) displays a number of user-defined associations. Knowledge is also extracted using a query-based approach and a reasoner window in the FET. The created DO is broadcast on the web using an ontology web language (OWL) that may be used in a variety of other applications. The suggested work is notable because it creates broad-coverage DO for the terrorist domain using a tool called Fluent Editor (FE) instead of the typical tool (protégé), and semantic information is retrieved with 100% correctness, similar to a query-based search system (QBS).

Christopher Neal,Jean-Yves De Miceli,David Barrera,José Fernandez

DOI: https://doi.org/10.48550/arXiv.2207.00637

2022-07-02

Abstract:The Automatic Dependent Surveillance-Broadcast (ADS-B) protocol is increasingly being adopted by the aviation industry as a method for aircraft to relay their position to Air Traffic Control (ATC) monitoring systems. ADS-B provides greater precision compared to traditional radar-based technologies, however, it was designed without any encryption or authentication mechanisms and has been shown to be susceptible to spoofing attacks. A capable attacker can transmit falsified ADS-B messages with the intent of causing false information to be shown on ATC displays and threaten the safety of air traffic. Updating the ADS-B protocol will be a lengthy process, therefore, there is a need for systems to detect anomalous ADS-B communications. This paper presents ATC-Sense, an ADS-B anomaly detection system based on ontologies. An ATC ontology is used to model entities in a simulated controlled airspace and is used to detect falsified ADS-B messages by verifying that the entities conform to aviation constraints related to aircraft flight tracks, radar readings, and flight reports. We evaluate the computational performance of the proposed constraints-based detection approach with several ADS-B attack scenarios in a simulated ATC environment. We demonstrate how ontologies can be used for anomaly detection in a real-time environment and call for future work to investigate ways to improve the computational performance of such an approach.

Cryptography and Security

Jingyi Zhu,Xiufeng Liu

DOI: https://doi.org/10.1016/j.compeleceng.2024.109113

IF: 4.152

2024-02-12

Computers & Electrical Engineering

Abstract:In the rapidly evolving landscape of the Internet of Things (IoT), ensuring robust intrusion detection is paramount for device and data security. This paper proposes a novel method for intrusion detection in IoT networks that leverages a unique blend of subspace clustering and ensemble learning. Our framework integrates three innovative strategies: Clustering Results as Features (CRF), Two-Level Decision Making (TDM), and Iterative Feedback Loop (IFL). These strategies synergize to enhance detection performance and model robustness. We employ mutual information for feature selection and utilize four subspace clustering algorithms – CLIQUE, PROCLUS, SUBCLU, and LOF – to create additional feature sets. Three base learners – NB, LGBM, and XGB – are used in conjunction with a Logistic Regression (LR) meta-learner. To fine-tune our model, we apply Particle Swarm Optimization (PSO) for hyperparameter optimization. We evaluate our framework on the UNSW-NB15 dataset, which contains realistic and diverse IoT network traffic data. The results show that our framework outperforms the state-of-the-art methods in terms of accuracy (97.05%), precision (96.33%), recall (96.55%), F1-score (96.45%), and false positive rate (0.029). Our framework can effectively detect both known and unknown attacks in IoT networks and achieve high accuracy and low false positive rate. The paper contributes both practical implications for network security and theoretical advancements in intrusion detection research.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Gongyousheng Cui,Yuchun Zhang,Haowen Tao,Xineng Yan,Zihao Liu

DOI: https://doi.org/10.1016/j.heliyon.2024.e36936

IF: 3.776

2024-08-26

Heliyon

Abstract:Emergency response plans for tunnel vehicle accidents are crucial to ensure human safety, protect critical infrastructure, and maintain the smooth operation of transportation networks. However, many decision-support systems for emergency responses still rely significantly on predefined response strategies, which may not be sufficiently flexible to manage unexpected or complex incidents. Moreover, existing systems may lack the ability to effectively respond effectively to the impact different emergency scenarios and responses. In this study, semantic web technologies were used to construct a digital decision-support system for emergency responses to tunnel vehicle accidents. A basic digital framework was developed by analysing the knowledge system of the tunnel emergency response, examining its critical elements and intrinsic relationships, and mapping it to the ontology. In addition, the strategies of previous pre-plans are summarised and transformed into semantic rules. Finally, different accident scenarios were modelled to validate the effectiveness of the developed emergency response system.

Shuning Hou,Xiuzhen Chen,Jin Ma,Zhihong Zhou,Haiyang Yu

DOI: https://doi.org/10.3389/fenrg.2022.928919

IF: 3.4

2022-06-16

Frontiers in Energy Research

Abstract:With the development of automobile intelligence, the security of the Internet of Vehicles has become a key factor that affects the development of intelligent vehicles. However, existing security risk analysis methods for the IoV either focus only on certain levels, such as the component level, or perform only a static analysis. This paper proposes a dynamic attack graph generation method for the IoV to identify and visually display the security risks caused by the associated vulnerabilities in an IoV system. First, using the actual architecture of the IoV, this paper shows how to model the security elements and their relationships in the IoV system and proposes a network security ontology model for this system. Second, it shows how to construct a reasoning rule base according to the causal relationship between the vulnerabilities using the Semantic Web Rule Language Finally, in view of the rapid change in the network topology of the IoV, a dynamic attack graph generation algorithm based on an ontology reasoning engine is proposed, which can effectively reduce the overhead caused by the changes in the attack graph. The effectiveness of the algorithm is demonstrated through an actual security event scenario and a constructed scenario. The experimental results show that the algorithm can dynamically and accurately display the network attack graph of the IoV. The proposed method is helpful in globally analyzing the threat caused by the combined exploitation of the vulnerabilities in an IoV system and risk management.

energy & fuels

Wilson Wong,Wei Liu,Saujoe Liaw,Nicoletta Balliu,Hongwei Wu,Moses Tade

DOI: https://doi.org/10.48550/arXiv.0812.3478

2008-12-18

Abstract:The need for domain ontologies in mission critical applications such as risk management and hazard identification is becoming more and more pressing. Most research on ontology learning conducted in the academia remains unrealistic for real-world applications. One of the main problems is the dependence on non-incremental, rare knowledge and textual resources, and manually-crafted patterns and rules. This paper reports work in progress aiming to address such undesirable dependencies during ontology construction. Initial experiments using a working prototype of the system revealed promising potentials in automatically constructing high-quality domain ontologies using real-world texts.

Artificial Intelligence

Dandan Wu,Jie Chen,Ruiyun Xie,Ke Chen

DOI: https://doi.org/10.1631/fitee.2300662

IF: 2.526

2024-10-01

Frontiers of Information Technology & Electronic Engineering

Abstract:The construction of an integrated solution for cyberspace defense with dynamic, flexible, and intelligent features is a new idea. To solve the problem whereby traditional static protection methods cannot respond to various network attacks or security demands in an adversarial network environment in time, and to form a complete integrated solution from "threat discovery" to "decision-making generation," we propose an ontology-based security model, OntoCSD, for an integrated solution of cyberspace defense that uses Web ontology language (OWL) to represent the ontology classes and relationships of threat monitoring, decision-making, response, and defense in cyberspace, and uses semantic Web rule language (SWRL) to design the defensive reasoning rules. OntoCSD can discover potential relationships among network attacks, vulnerabilities, the security state, and defense strategies. Further, an artificial intelligence (AI) expert system based on case-based reasoning (CBR) is used to quickly generate a detailed and comprehensive decision-making scheme. Finally, through Kendall's coefficient of concordance ( W ) and four experimental cases in a typical computer network defense (CND) system, which reasons on represented facts and the ontology, OntoCSD's consistency and its feasibility to solve the issues in the field of cyberspace defense are validated. OntoCSD supports automatic association and reasoning, and provides an integrated solution framework of cyberspace defense.

engineering, electrical & electronic,computer science, information systems, software engineering

Tiancheng Cao,Wenxin Mu,Juanqiong Gou,Liyu Peng

DOI: https://doi.org/10.1111/risa.13506

2020-05-25

Risk Analysis

Abstract:<p>With the application of risk management and accident response in the railway domain, risk detection and prevention have become key research topics. Many dangers and associated risk sources must be considered in collaborative scenarios of heavy‐haul railways. In these scenarios, (1) various risk sources are involved in different data sources, and context affects their occurrence, (2) the relationships between contexts and risk sources in the accident cause mechanism need to be explicitly defined, and (3) risk knowledge reasoning needs to integrate knowledge from multiple data sources to achieve comprehensive results. To express the association rules among core concepts, this article constructs two ontologies: The accident‐risk ontology and the context ontology. Concept analysis is based on railway domain knowledge and accident analysis reports. To sustainably integrate knowledge, an integrated evolutionary model called scenario‐risk‐accident chain ontology (SRAC) is constructed by introducing new data sources. The SRAC is integrated through expert rules between the two ontologies, and its evolution process involves new knowledge through a new risk source database. After three versions of the upgrade process, potential risk sources can be mined and evaluated in specific contexts. To evaluate the risk source level, a long short‐term memory (LSTM) neural network model is used to capture context and risk text features. A model comparison for different neural network structures is performed to find the optimal evaluation results. Finally, new concepts, such as risk source level, and new instances are updated in the context‐aware risk knowledge reasoning framework.</p>

public, environmental & occupational health,mathematics, interdisciplinary applications,social sciences, mathematical methods

Damodar Panigrahi,Shaswata Mitra,Subash Neupane,Sudip Mittal,Benjamin A. Blakely

2024-11-24

Abstract:Cyberattacks are becoming increasingly difficult to detect and prevent due to their sophistication. In response, Autonomous Intelligent Cyber-defense Agents (AICAs) are emerging as crucial solutions. One prominent AICA agent is the Intrusion Response System (IRS), which is critical for mitigating threats after detection. IRS uses several Tactics, Techniques, and Procedures (TTPs) to mitigate attacks and restore the infrastructure to normal operations. Continuous monitoring of the enterprise infrastructure is an essential TTP the IRS uses. However, each system serves different purposes to meet operational needs. Integrating these disparate sources for continuous monitoring increases pre-processing complexity and limits automation, eventually prolonging critical response time for attackers to exploit. We propose a unified IRS Knowledge Graph ontology (IRSKG) that streamlines the onboarding of new enterprise systems as a source for the AICAs. Our ontology can capture system monitoring logs and supplemental data, such as a rules repository containing the administrator-defined policies to dictate the IRS responses. Besides, our ontology permits us to incorporate dynamic changes to adapt to the evolving cyber-threat landscape. This robust yet concise design allows machine learning models to train effectively and recover a compromised system to its desired state autonomously with explainability.

Cryptography and Security,Artificial Intelligence,Machine Learning