MALOnt: An Ontology for Malware Threat Intelligence

Rastogi, Nidhi; Dutta, Sharmishtha; Zaki, Mohammed J.; Gittens, Alex; Aggarwal, Charų C.

doi:10.1007/978-3-030-59621-7_2

Cited by 38 publications

(29 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ontology modeling is a means to formally model the structure of a system, which is useful for Cyber Threat Intelligence (CTI) analysis. At present, researchers have developed the open ontology for the security of IoT ecosystem elements [17][18][19][20], relating them with existing security concepts, primitives, weaknesses, vulnerabilities, and practices [21][22][23][24]. Researchers have conducted in-depth research on CTI analysis and ontology modeling in cyber security.…”

Section: Related Workmentioning

confidence: 99%

“…Jia et al [17] built a cyber security ontology based on assets, vulnerabilities, and attacks; they proposed a practical method for constructing a cyber security knowledge graph, and inferred new rules based on the fivetuple model of the cyber security knowledge base. Rastogi et al [18] designed a malware ontology called MALOnt, which contained concepts such as malware characteristics, attack behavior, and detailed information about the attacker. It supported the collection of intelligence on malware threats from different online sources, and built a knowledge graph framework based on MALOnt.…”

Section: Related Workmentioning

confidence: 99%

“…The current cyber security ontology models focus on different scopes of information. Some models focus on the integration of IoT assets, vulnerabilities, and weaknesses [19,43,49], and some models focus on modeling attack in the IoT environment [12,18,20,39,50,51]. Our proposed ontology model focuses on the information on IoT assets, vulnerabilities, weaknesses, attack patterns, techniques, and tactics, which gives a holistic view of the cyber security situation and is more comprehensive than the other models.…”

Section: Rule-7：mentioning

confidence: 99%

See 2 more Smart Citations

Multi-Source Knowledge Reasoning for Data-Driven IoT Security

Zhang

Bai

et al. 2021

Sensors

View full text Add to dashboard Cite

Nowadays, there are different kinds of public knowledge bases for cyber security vulnerability and threat intelligence which can be used for IoT security threat analysis. However, the heterogeneity of these knowledge bases and the complexity of the IoT environments make network security situation awareness and threat assessment difficult. In this paper, we integrate vulnerabilities, weaknesses, affected platforms, tactics, attack techniques, and attack patterns into a coherent set of links. In addition, we propose an IoT security ontology model, namely, the IoT Security Threat Ontology (IoTSTO), to describe the elements of IoT security threats and design inference rules for threat analysis. This IoTSTO expands the current knowledge domain of cyber security ontology modeling. In the IoTSTO model, the proposed multi-source knowledge reasoning method can perform the following tasks: assess the threats of the IoT environment, automatically infer mitigations, and separate IoT nodes that are subject to specific threats. The method above provides support to security managers in their deployment of security solutions. This paper completes the association of current public knowledge bases for IoT security and solves the semantic heterogeneity of multi-source knowledge. In this paper, we reveal the scope of public knowledge bases and their interrelationships through the multi-source knowledge reasoning method for IoT security. In conclusion, the paper provides a unified, extensible, and reusable method for IoT security analysis and decision making.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Rule-7：mentioning

confidence: 99%

See 1 more Smart Citation

Multi-Source Knowledge Reasoning for Data-Driven IoT Security

Zhang

Bai

et al. 2021

Sensors

View full text Add to dashboard Cite

show abstract

“…Pingle et al [8] developed a neural network based relationship extractor that works as a classifier to establish relationship between pairs of entities. Recently, more ontologies are being created for CTI representation [17].…”

Section: A Cybersecurity Knowledge Graphsmentioning

confidence: 99%

Cybersecurity Knowledge Graph Improvement with Graph Neural Networks

Dasgupta¹,

Piplai

Ranade

et al. 2021

2021 IEEE International Conference on Big Data (Big Data)

View full text Add to dashboard Cite

show abstract

“…Cyber defense benefits from synergy and cooperation, but sharing and interpreting various threat intelligence reports and databases requires standardized formats and protocols for the analysts to have a common language [14]. Thus, there has been extensive research done for constructing taxonomies and ontologies in order to standardize the formats of linked data on threat intelligence such as software and system vulnerabilities, malware [15], and attacks in general [2,1]. Using these types of ontologies to provide formalism and structure, various framework-type approaches to situational cyber awareness have been developed, for instance for different vulnerabilities, assets and network topologies during cyber attacks [6,16,17,18,4].…”

Section: Related Workmentioning

confidence: 99%

Knowledge mining of unstructured information: application to cyber-domain

Takko¹,

Bhattacharya²,

Lehto³

et al. 2021

Preprint

View full text Add to dashboard Cite

Cyber intelligence is widely and abundantly available in numerous open online sources with reports on vulnerabilities and incidents. This constant stream of noisy information requires new tools and techniques if it is to be used for the benefit of analysts and investigators in various organizations. In this paper we present and implement a novel knowledge graph and knowledge mining framework for extracting relevant information from free-form text about incidents in the cyber domain. Our framework includes a machine learning based pipeline as well as crawling methods for generating graphs of entities, attackers and the related information with our non-technical cyber ontology. We test our framework on publicly available cyber incident datasets to evaluate the accuracy of our knowledge mining methods as well as the usefulness of the framework in the use of cyber analysts. Our results show analyzing the knowledge graph constructed using the novel framework, an analyst can infer additional information from the current cyber landscape in terms of risk to various entities and the propagation of risk between industries and countries. Expanding the framework to accommodate more technical and operational level information can increase the accuracy and explainability of trends and risk in the knowledge graph.

show abstract

MALOnt: An Ontology for Malware Threat Intelligence

Cited by 38 publications

References 8 publications

Multi-Source Knowledge Reasoning for Data-Driven IoT Security

Multi-Source Knowledge Reasoning for Data-Driven IoT Security

Cybersecurity Knowledge Graph Improvement with Graph Neural Networks

Knowledge mining of unstructured information: application to cyber-domain

Contact Info

Product

Resources

About