ABSTRACT
Global corporations and government organizations are now represented in cyberspace by numerous large-scale heterogeneous information systems, which implement the corresponding business, technological and other types of processes. This extends the set of security analysis tasks stated for these infrastructures and complicates the existing ones. This paper addresses the challenge of raising the level of penetration testing automation through the adoption of semi-automatic knowledge extraction from huge amounts of heterogeneous, regularly updated data. The proposed solution is based on a novel penetration testing ontology, which gives a holistic view of the results of security analysis. The designed ontology is evaluated within a penetration testing framework prototype and binds together the conceptual (process) abstraction level, addressed by security experts, and the technical abstraction level, employed in modern security analysis tools and methods.
Index Terms
- Ontology-based big data approach to automated penetration testing of large-scale heterogeneous systems