Published: December 3, 2023
Author(s)
Khandakar Akbar (University of Texas at Dallas), Fahim Rahman (University of Texas at Dallas), Anoop Singhal (NIST), Latifur Khan (University of Texas at Dallas), Bhavani Thuraisingham (University of Texas at Dallas)
Conference
Name: 19th International Conference on Information and Systems Security (ICISS 2023)
Dates: 12/16/2023 - 12/20/2023
Location: Raipur, India
Citation: Information Systems Security, vol. 14424, pp. 23-41
Ontology enables semantic interoperability, making it highly valuable for cyber threat hunting. Community-driven frameworks like MITRE ATT&CK, D3FEND, ENGAGE, CWE and CVE have been developed to combat cyber threats. However, manually navigating these independent data sources is time-consuming and impractical in highstakes situations. By adopting an ontology-based approach, these cybersecurity resources can be unified, enabling a holistic view of the threat landscape. Additionally, leveraging semantic query languages empowers analysts to make the most of existing data sources. This paper explores how through the application of a semantic query language (SPARQL) on a unified cybersecurity ontology, analysts can effectively exploit the information contained within these resources to strengthen their defense strategies against cyber threats.
Ontology enables semantic interoperability, making it highly valuable for cyber threat hunting. Community-driven frameworks like MITRE ATT&CK, D3FEND, ENGAGE, CWE and CVE have been developed to combat cyber threats. However, manually navigating these independent data sources is time-consuming and...
See full abstract
Ontology enables semantic interoperability, making it highly valuable for cyber threat hunting. Community-driven frameworks like MITRE ATT&CK, D3FEND, ENGAGE, CWE and CVE have been developed to combat cyber threats. However, manually navigating these independent data sources is time-consuming and impractical in highstakes situations. By adopting an ontology-based approach, these cybersecurity resources can be unified, enabling a holistic view of the threat landscape. Additionally, leveraging semantic query languages empowers analysts to make the most of existing data sources. This paper explores how through the application of a semantic query language (SPARQL) on a unified cybersecurity ontology, analysts can effectively exploit the information contained within these resources to strengthen their defense strategies against cyber threats.
Hide full abstract
Keywords
ontology; OWL; SPARQL; cybersecurity
Control Families
None selected
