ABSTRACT
Developing metrics that are useful for security assessment and decision making is an important element of effective counteraction to cyber threats. The paper proposes an ontology of metrics for cyber security assessment. The developed ontology is based on identifying the concepts and relations among the primary features of the initial security data and on forming a set of hierarchically interconnected security metrics. The paper describes the main classes of the proposed ontology, the identified relations, the security metrics involved, and the data sources used. Publicly available sources of security data are analyzed to obtain primary security metrics. Application of the approach is shown in a case study. The main feature of the proposed ontology is the representation of security metrics as separate ontology instances, which allows the relations between the ontology's concepts to be used for calculating integral metrics that reflect the security state.