Ontology-based Cyber Risk Monitoring Using Cyber Threat Intelligence

Proceedings of the 16th International Conference on Availability, Reliability and Security Pub Date : 2021-08-16 DOI:10.1145/3465481.3470024

Yazid Merah, Tayeb Kenaza

{"title":"Ontology-based Cyber Risk Monitoring Using Cyber Threat Intelligence","authors":"Yazid Merah, Tayeb Kenaza","doi":"10.1145/3465481.3470024","DOIUrl":null,"url":null,"abstract":"Efficient cyber risk assessment needs to consider all security alerts provided by cybersecurity solutions deployed in a network. To build a reliable overview of cyber risk, there is a need to adopt continuous monitoring of emerged cyber threats related to that risk. Indeed, the integration of Cyber Threat Intelligence (CTI) into cybersecurity solutions provides valuable information about threats, targets, and potential vulnerabilities. Structured Threat Information eXpression (STIX), as a language for expressing information about cyber threats in a structured and unambiguous manner, is becoming a de facto standard for sharing information about cyber threats. In addition, ontology-based semantic knowledge modeling has become a promising solution that provides a machine-readable language for downstream work in cybersecurity problem-solving. In this paper, we propose an ontology using CTI for risk monitoring. This latter improves an existing ontology, originally proposed to be used within a SIEM (Security Information Event Management), by extending it and aligning it with the STIX concepts.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 16th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3465481.3470024","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

Abstract

Efficient cyber risk assessment needs to consider all security alerts provided by cybersecurity solutions deployed in a network. To build a reliable overview of cyber risk, there is a need to adopt continuous monitoring of emerged cyber threats related to that risk. Indeed, the integration of Cyber Threat Intelligence (CTI) into cybersecurity solutions provides valuable information about threats, targets, and potential vulnerabilities. Structured Threat Information eXpression (STIX), as a language for expressing information about cyber threats in a structured and unambiguous manner, is becoming a de facto standard for sharing information about cyber threats. In addition, ontology-based semantic knowledge modeling has become a promising solution that provides a machine-readable language for downstream work in cybersecurity problem-solving. In this paper, we propose an ontology using CTI for risk monitoring. This latter improves an existing ontology, originally proposed to be used within a SIEM (Security Information Event Management), by extending it and aligning it with the STIX concepts.

查看原文本刊更多论文

基于本体的网络风险监控与网络威胁情报

有效的网络风险评估需要考虑网络中部署的网络安全解决方案提供的所有安全警报。为了建立可靠的网络风险概览，有必要对与该风险相关的新出现的网络威胁进行持续监测。事实上，将网络威胁情报(CTI)集成到网络安全解决方案中可以提供有关威胁、目标和潜在漏洞的宝贵信息。结构化威胁信息表达(STIX)作为一种以结构化和明确的方式表达网络威胁信息的语言，正在成为网络威胁信息共享的事实上的标准。此外，基于本体的语义知识建模已经成为一种很有前途的解决方案，它为网络安全问题的下游工作提供了一种机器可读的语言。本文提出了一种基于CTI的风险监测本体。后者通过扩展现有本体并使其与STIX概念保持一致，改进了现有本体，该本体最初建议在SIEM(安全信息事件管理)中使用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 16th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量