Authors: Andrei Zamfira, H. Ciocarlie
Published in: 2018 IEEE 14th International Conference on Intelligent Computer Communication and Processing (ICCP)
Publication date: 2018-09-01
DOI: 10.1109/ICCP.2018.8516644 (https://doi.org/10.1109/ICCP.2018.8516644)
Citations: 4 (Semantic Scholar)
Developing An Ontology Of Cyber-Operations In Networks Of Computers
Many detection techniques proposed so far struggle to keep up with the inherent complexity of applications, networks and protocols, resulting in a growing rate of attacks that exploit them. Security frameworks built using an ontological approach are next-generation defense systems that have some advantages over conventional techniques because they can capture the context of information and are capable of filtering this content depending on certain factors. This paper proposes a method of creating an ontology that can be used to improve the detection of attacks at all application levels. The ontology serves as a data model and knowledge base of the cyber-operations domain that conceptualizes and stores the various types of data needed in the process of detecting an aware situation, such as information about attacks (types), the OSI stack levels they target (software, network, hardware), countermeasure methods, necessary resources, required knowledge, etc. The quality of the proposed model was assessed using a methodology known as OntoClean, a comprehensive suite of metrics for ontology evaluation that can comprise up to 15 criteria, as discussed in this paper. The ontology was tested in attack detection using a prototype web application firewall. In the evaluation we used the well-known Kyoto2006+ dataset, proposed by the University of Kyoto for this purpose. The attack detection results of our proposed system were compared with other existing security solutions, such as ModSecurity and Snort. The conclusion section states the future directions of this research towards constructing reliable systems for cyber-security.