A Semantic Model for Security Evaluation of Information Systems

Authors

  • Elena Doynikova St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, St. Petersburg, Russia https://orcid.org/0000-0001-6707-9153
  • Andrey Fedorchenko St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, St. Petersburg, Russia https://orcid.org/0000-0002-5727-653X
  • Igor Kotenko St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, St. Petersburg, Russia https://orcid.org/0000-0001-6859-7120

DOI:

https://doi.org/10.13052/jcsm2245-1439.925

Keywords:

Security evaluation, security assessment, semantics, metrics, ontology, cyber attacks, intelligent data analysis

Abstract

Modern information systems are characterized by huge security-related data streams. For cyber security management in such systems, novel models and techniques for efficient processing of these data streams are required. The paper considers the development and application of a semantic model for security evaluation. The proposed model is represented as an ontology of metrics that is based on the relations between sources of security-related data, primary features of the initial security data, and goals of security evaluation. The set of hierarchically interconnected security metrics is mapped to the data features and security evaluation goals. The relations between these metrics within the proposed ontology provide the basis for the security evaluation technique. The paper introduces the proposed ontology and its foundations, and briefly describes the developed technique. An analysis of data in open sources is conducted, and a case study is provided to show the applicability of the approach.


Author Biographies

Elena Doynikova, St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, St. Petersburg, Russia

Elena Doynikova received her PhD from the St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS) in 2017. In 2015 she was awarded the medal of the Russian Academy of Sciences in the area of computer science, computer engineering and automation. Currently she is a senior researcher at the Computer Security Problems Laboratory, SPIIRAS. Research interests: information systems security, risk analysis and security decision support methods, security metrics, information security risk management. She is the author of more than 50 publications and has participated in several projects devoted to information systems security research.

Andrey Fedorchenko, St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, St. Petersburg, Russia

Andrey Fedorchenko is a junior researcher at the Computer Security Problems Laboratory, SPIIRAS. Research interests: computer network security, intelligent data analysis, intrusion detection, malware. He is the author of more than 40 publications and has participated in several projects devoted to information systems security research.

Igor Kotenko, St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, St. Petersburg, Russia

Igor Kotenko graduated with honors from the St. Petersburg Academy of Space Engineering and the St. Petersburg Signal Academy. He obtained the Ph.D. degree in 1990 and the National degree of Doctor of Engineering Science in 1999. He is a Professor of computer science and Head of the Laboratory of Computer Security Problems of the St. Petersburg Institute for Informatics and Automation. He is the author of more than 500 refereed publications. He has extensive experience in research on computer network security and has participated in several projects on developing new security technologies. For example, he was a project leader in research projects funded by the US Air Force research department, via its EOARD (European Office of Aerospace Research and Development) branch, EU FP7 and FP6 projects, HP, Intel, F-Secure, etc. The research results of Igor Kotenko have been tested and implemented in more than fifty Russian research and development projects.


Published: 2020-03-27

Section: ARES 2019 workshops