Ontology-Driven Data Semantics Discovery for Cyber-Security

Balduccini, Marcello; Kushner, Sarah; Speck, Jacquelin A.

doi:10.1007/978-3-319-19686-2_1

Cited by 16 publications

(7 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…iACE uses a set of regular expressions and common context terms extracted from iocterms to identify the IOC tokens, such as IP and MD5 string. Balduccini et al [18] design a set of regular expressions for matching each entity contained in the file of cyber assets. However, due to the unstructured characteristics and diversity of many security entities, it is very difficult to construct rules for all these types of entity.…”

Section: A Rule-based Entity Extraction Methodsmentioning

confidence: 99%

“…The rule-based methods can extract named entity with good accuracy in a simple manner when the to-be-extracted information follows regular speech patterns such as email address, host IP, and Common Vulnerabilities and Exposures (CVE) [17], [18]. However, these methods are not suitable for complex situations while to-be-extracted entity includes many variations or comes from irregular structured text, which is more in line with the actual situation on the network.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cybersecurity Named Entity Recognition Using Multi-Modal Ensemble Learning

et al. 2020

View full text Add to dashboard Cite

Cybersecurity named entity recognition is an important part of threat information extraction from large-scale unstructured text collection in many cybersecurity applications. Most existing security entity recognition studies and systems use regular matching strategy or machine learning algorithms. Due to the peculiarity and complexity of security named entity, these models ignore the characteristic of security data and the correlation of entities. Therefore, through the in-depth study of security entity characteristic, we propose a novel security named entity recognition model based on regular expressions and known-entity dictionary as well as conditional random fields (CRF) combined with four feature templates. This model is named RDF-CRF. The rule-based expressions can match security entities with good accuracy in simpler situations, the known-entity dictionary can extract common and specific security entity, and the CRF-based extractor leverages the identified entities by rule-based and dictionary-based extractors to further improve the recognition performance. In order to demonstrate the effectiveness of our proposed model, extensive experiments are performed on a security text dataset collected from public security webs. The experimental results show that can achieve better performance than state-of-the-art methods.

show abstract

Section: A Rule-based Entity Extraction Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Cybersecurity Named Entity Recognition Using Multi-Modal Ensemble Learning

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Ontology-Based Data Access (OBDA) systems (see e.g. [13,2]) such as Ontop, allow for semantic queries about an ontology to be interpreted over concrete data -using engines such as NoSQL, Hadoop, MapReduce and so forth. This is achieved through mappings that mediate between the semantic layer of ontologies and the concrete data.…”

Section: Related Workmentioning

confidence: 99%

“…where the first rule states that any property π can be true or false 2 and the second says that holds(γ, 0) must be true in every solution/answer returned. For illustration, let us complete the partial design: obs(basicOne, true), obs(cam boot[sec], true), obs(cam[rate25fps], false), obs(SAM mem[encr], true), obs(SAM boot[sec], true).…”

Section: Reasoningmentioning

confidence: 99%

Ontology-based Reasoning about the Trustworthiness of Cyber-physical Systems

Balduccini

Griffor²,

Huth

et al. 2018

Living in the Internet of Things: Cybersecurity of the IoT - 2018

View full text Add to dashboard Cite

It has been challenging for the technical and regulatory communities to formulate requirements for trustworthiness of the cyber-physical systems (CPS) due to the complexity of the issues associated with their design, deployment, and operations. The US National Institute of Standards and Technology (NIST), through a public working group, has released a CPS Framework that adopts a broad and integrated view of CPS and positions trustworthiness among other aspects of CPS. This paper takes the model created by the CPS Framework and its further developments one step further, by applying ontological approaches and reasoning techniques in order to achieve greater understanding of CPS. The example analyzed in the paper demonstrates the enrichment of the original CPS model obtained through ontology and reasoning and its ability to deliver additional insights to the developers and operators of CPS.

show abstract

“…Thus, NER in CTI plays a major role in supporting and achieving cybersecurity research. Researches about NER in CTI have been widely pursued in recent years, and they can be summarized in the following three categories: rules-based [2], [3], [4], [5], [6], statistical characteristicsbased [7], [8], [9], [10], [11] and deep learning-based [12], [13], [14], [15], [16], [17], [18], [19].…”

Section: Introductionmentioning

confidence: 99%

Multi-features based Semantic Augmentation Networks for Named Entity Recognition in Threat Intelligence

Li¹,

Li²,

Wang³

et al. 2022

Preprint

View full text Add to dashboard Cite

Extracting cybersecurity entities such as attackers and vulnerabilities from unstructured network texts is an important part of security analysis. However, the sparsity of intelligence data resulted from the higher frequency variations and the randomness of cybersecurity entity names makes it difficult for current methods to perform well in extracting security-related concepts and entities. To this end, we propose a semantic augmentation method which incorporates different linguistic features to enrich the representation of input tokens to detect and classify the cybersecurity names over unstructured text. In particular, we encode and aggregate the constituent feature, morphological feature and part of speech feature for each input token to improve the robustness of the method. More than that, a token gets augmented semantic information from its most similar K words in cybersecurity domain corpus where an attentive module is leveraged to weigh differences of the words, and from contextual clues based on a large-scale general field corpus. We have conducted experiments on the cybersecurity datasets DNRTI and MalwareTextDB, and the results demonstrate the effectiveness of the proposed method.

show abstract

Ontology-Driven Data Semantics Discovery for Cyber-Security

Cited by 16 publications

References 10 publications

Cybersecurity Named Entity Recognition Using Multi-Modal Ensemble Learning

Cybersecurity Named Entity Recognition Using Multi-Modal Ensemble Learning

Ontology-based Reasoning about the Trustworthiness of Cyber-physical Systems

Multi-features based Semantic Augmentation Networks for Named Entity Recognition in Threat Intelligence

Contact Info

Product

Resources

About