A Tool for Security Requirements Recommendation using Case-Based Problem Domain Ontology

Abstract

With the significant increase of various cyber threats, the strategies of the attacks are becoming more diverse. In particular, more attention needs to be paid to Advanced Persistent Threat (APT) attacks since these attacks are continuously performed on a specific target for an apparent purpose through numerous tactics and techniques without being discovered for a long time. Although it is difficult to detect and respond to such APT attacks, it is more challenging to elicit security requirements that sufficiently reflect these complex characteristics for proactive defense. To address this problem, we propose a tool that recommends security requirements for APT attacks using the Case-Based Problem Domain Ontology specialized for APT attacks.