A Semantic Model for Security Evaluation of Information Systems
Keywords: Security evaluation, security assessment, semantics, metrics, ontology, cyber attacks, intelligent data analysis
Modern information systems generate huge streams of security-related data. Managing cyber security in such systems requires novel models and techniques for processing these data streams efficiently. The paper considers the development and application of a semantic model for security evaluation. The proposed model is represented as an ontology of metrics built on the relations between the sources of security-related data, the primary features of the initial security data, and the goals of security evaluation. A set of hierarchically interconnected security metrics is mapped to the data features and to the security evaluation goals. The relations between these metrics within the proposed ontology provide the basis for the security evaluation technique. The paper introduces the proposed ontology and its foundations, and briefly describes the developed technique. An analysis of data from open sources is conducted, and a case study is provided to show the applicability of the approach.
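As an added illustration (this is not code from the paper and not the paper's ontology), the following Python sketch models the three relations the abstract describes: data sources that provide primary features, hierarchically interconnected metrics that require either features or lower-level metrics, and evaluation goals that are answered by metrics. Given the set of available sources it derives which metrics are computable, which goals are reachable, which primary features are still missing for a goal, and then evaluates a goal bottom-up over the metric hierarchy. Every source, feature, metric and goal name, and every derivation formula, is constructed for the example; the paper's actual metric set and formulas are not reproduced here.

```python
"""Toy ontology of security metrics (added example, constructed names and formulas).

Relations modelled:
  source -- provides   --> primary feature
  metric -- requires   --> primary feature | lower-level metric
  goal   -- answered_by--> metric
"""
from dataclasses import dataclass
from typing import Callable, Dict, Set, Tuple


@dataclass(frozen=True)
class Metric:
    """A metric node: what it requires and how it is derived from those inputs."""
    name: str
    requires: Tuple[str, ...]
    derive: Callable[[Dict[str, object]], float]


# source --provides--> primary feature (hypothetical sources and features)
SOURCES: Dict[str, Set[str]] = {
    "vuln_scanner": {"cvss_base"},
    "siem": {"alert_count"},
    "asset_db": {"criticality"},
}

# metric --requires--> feature | metric (hypothetical hierarchy and formulas)
METRICS: Dict[str, Metric] = {
    "max_cvss": Metric("max_cvss", ("cvss_base",),
                       lambda v: max(v["cvss_base"])),
    "alert_rate": Metric("alert_rate", ("alert_count",),
                         lambda v: sum(v["alert_count"]) / len(v["alert_count"])),
    "host_risk": Metric("host_risk", ("max_cvss", "criticality"),
                        lambda v: v["max_cvss"] * v["criticality"] / 10.0),
    "attack_likelihood": Metric("attack_likelihood", ("alert_rate", "max_cvss"),
                                lambda v: min(1.0, v["alert_rate"] / 100.0)
                                * v["max_cvss"] / 10.0),
}

# goal --answered_by--> metrics (hypothetical goals)
GOALS: Dict[str, Set[str]] = {
    "risk_assessment": {"host_risk"},
    "attack_detection": {"attack_likelihood"},
}


def available_features(sources: Set[str]) -> Set[str]:
    """Union of the primary features provided by the available sources."""
    return set().union(*(SOURCES[s] for s in sources if s in SOURCES))


def required_features(metric: str, _seen: frozenset = frozenset()) -> Set[str]:
    """Transitive closure of the requires-relation down to primary features.
    Raises on a cycle, which would make the hierarchy unevaluable."""
    if metric in _seen:
        raise ValueError(f"cycle in metric ontology at {metric!r}")
    feats: Set[str] = set()
    for r in METRICS[metric].requires:
        if r in METRICS:
            feats |= required_features(r, _seen | {metric})
        else:
            feats.add(r)
    return feats


def computable_metrics(sources: Set[str]) -> Set[str]:
    """Metrics whose whole requirement closure is covered by available features."""
    feats = available_features(sources)
    return {n for n in METRICS if required_features(n) <= feats}


def achievable_goals(sources: Set[str]) -> Set[str]:
    """Goals for which every answering metric is computable."""
    computable = computable_metrics(sources)
    return {g for g, needed in GOALS.items() if needed <= computable}


def missing_features(goal: str, sources: Set[str]) -> Set[str]:
    """Primary features a goal still needs given the available sources."""
    needed = set().union(*(required_features(m) for m in GOALS[goal]))
    return needed - available_features(sources)


def evaluate(metric: str, raw: Dict[str, object], _memo: Dict[str, float] = None) -> float:
    """Bottom-up evaluation over the hierarchy; raw maps feature names to data."""
    memo = {} if _memo is None else _memo
    if metric in memo:
        return memo[metric]
    inputs: Dict[str, object] = {}
    for r in METRICS[metric].requires:
        if r in raw:
            inputs[r] = raw[r]
        elif r in METRICS:
            inputs[r] = evaluate(r, raw, memo)
        else:
            raise KeyError(f"metric {metric!r} needs feature {r!r}, not in available data")
    memo[metric] = METRICS[metric].derive(inputs)
    return memo[metric]


def evaluate_goal(goal: str, raw: Dict[str, object]) -> Dict[str, float]:
    """Evaluate every metric answering the goal, sharing lower-level results."""
    memo: Dict[str, float] = {}
    return {m: evaluate(m, raw, memo) for m in sorted(GOALS[goal])}


if __name__ == "__main__":
    have = {"vuln_scanner", "asset_db"}          # SIEM feed not yet connected
    print("computable:", sorted(computable_metrics(have)))
    print("achievable goals:", sorted(achievable_goals(have)))
    print("missing for attack_detection:", missing_features("attack_detection", have))
    sample = {"cvss_base": [7.5, 9.8, 5.3], "criticality": 8}   # constructed input
    print(evaluate_goal("risk_assessment", sample))
```

The point of separating `required_features` from `evaluate` is that the first query runs against the ontology alone, before any data is collected: it tells an analyst which sources must be connected before a given evaluation goal can be answered at all, while `evaluate` only runs once the raw features are present.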