Abstract: Governments, military forces and other organisations responsible for cybersecurity deal with vast amounts of data that has to be understood in order to support intelligent decision making. Semantic technology is a knowledge representation paradigm in which the meaning of data is encoded separately from the data itself. The use of semantic technologies such as logic-based systems to support decision making is becoming increasingly popular. Due to the vast amounts of information pertinent to cybersecurity, automation is required for processing and decision making. However, most automated systems are currently based on syntactic rules, which are generally not sophisticated enough for the complexity of the decisions that have to be made. The incorporation of semantic information allows for increased understanding and sophistication in cyber defence systems; one example of an application area is systems that detect and respond to cyber attacks. In this paper the authors give an overview of the use of semantic technologies in cyber defence, and identify and discuss emerging trends and the way forward for future research.
Keywords: cyber defence, semantic technologies, decision making, automated systems
1. Introduction
The rapid increase in cyber threats, and in the volume of information that has to be processed to provide efficient countermeasures, requires the ability to perform intelligent search and data integration, in addition to an encoded common vocabulary and a shared understanding of the domain. Encoding refers to the capturing of knowledge in a formal language. Intelligent search in the context of this paper refers to search techniques that search according to the meaning of words rather than just according to syntax, i.e. character strings. Due to the vast amounts of information pertinent to cybersecurity, automation is required for processing and decision making, and the use of semantic technologies such as logic-based systems to support decision making has become essential. Hernandez-Ardieta and Tapiador (2013) state that it is virtually impossible for any organisation to manage cyber threats without collaboration with partners and allies. Collaboration includes sharing threat-related and cybersecurity information on a near real-time basis, and this requirement necessitates the development of infrastructure and mechanisms to facilitate the information sharing, specifically through standardisation of data formats and exchange protocols. The question is not merely how to share information but also what to share, with whom and when, as well as reasoning about the repercussions of sharing sensitive data. This level of collaboration will be impossible without attaching meaning to data and the ability to reason over formal structures.
Semantic technologies is a term that covers a number of different technologies that aim to derive meaning from information; examples are natural language processing, data mining, semantic search technologies and ontologies. It should be noted that semantic technologies are not the same as Semantic Web technologies; the latter are a subset of the former. Semantic Web technologies are technology standards from the World Wide Web Consortium (W3C) that are aimed at the representation of data on the Web. Examples of Semantic Web technologies are RDF (Resource Description Framework) and OWL (Web Ontology Language). The Cambridge Semantics group (Bio) defines semantic technologies as "...algorithms and solutions that bring structure and meaning to information" and Semantic Web technologies as "...those that adhere to a specific set of W3C open technology standards that are designed to simplify the implementation of not only semantic technology solutions but other kind of solutions as well".
The use of ontologies is the underlying semantic technology driving the Semantic Web initiative (Berners-Lee et al., 2001) and Section 1.1 provides an overview of ontologies.
Janowicz and Hitzler (2012) argue that the semantics research community is faced with a shift from the why of applying semantic technologies to the how. The authors of this paper support this view and maintain that the application of semantic technologies in cyber defence is experiencing a similar shift. This paper gives an overview of the status of the application of semantic technologies in the cyber defence domain (Section 2), and provides a glance at the emerging trends in both the cyber domain (Section 3) and the semantics research community (Section 4).
1.1 Overview of ontologies
An ontology consists of a shared domain vocabulary and a set of assumptions about the meaning of terms in the vocabulary. A formal definition of an ontology is given by Gruber (1993): a "formal, explicit specification of a shared conceptualisation". An ontology is a technology that enables a formal, shared representation of the key concepts of a specific domain and it provides a way to attach meaning to the terms and relations used in describing the domain.
The main benefits of ontologies are the ability to perform semantic search, provision of a common shared vocabulary and sharing of domain knowledge, and the facilitation of semantic integration and interoperability between heterogeneous knowledge sources. Any satisfactory solution to search and integration problems will have to involve ways of making information machine-processable, a task that is only possible if machines have better access to the semantics of the information.
The information in an ontology is expressed in an ontology language (frequently a logic-based language) and then progressively refined. The construction and maintenance of ontologies greatly depend on the availability of ontology languages equipped with a well-defined semantics and powerful reasoning tools. Fortunately there already exists a class of logics, called description logics, that provides both and is therefore an ideal candidate for ontology languages. The Web Ontology Language OWL 2, which was accorded the status of a W3C (World Wide Web Consortium) recommendation in 2009, is the official Semantic Web ontology language. OWL was designed to provide a common way to process the content of web information instead of just displaying it. There are a number of tools and environments available for building ontologies.
2. Current cyber defence applications using semantic technologies
In this section we give an overview of existing application areas of semantic technologies in cyber defence, especially on the development of ontologies.
2.1 Cyber attack classification and prediction
A quick reaction to a network attack is one of the most essential requirements in cyber defence. When a system can identify an ongoing attack and classify it, efficient countermeasures can be taken. Balepin et al. (2003) highlighted the need for quick responses given the increase in the speed of computer attacks. Various researchers have developed ontological applications to identify and classify network attacks. A few examples of such ontologies are listed below:
* Bhandari and Guiral (2014) developed an ontology to perceive the security status of a network.
* A peer-to-peer multi-agent distributed intrusion detection system (Ye et al., 2008).
* A network attack ontology intended to support the automated classification of attacks (van Heerden et al., 2013).
* Salahi & Ansarina (2011) developed an ontology-based system to predict potential network attacks.
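To make concrete what "ontology-based classification of an attack" amounts to in practice, the following is an added, self-contained example written for this overview; it is not code from any of the systems cited above. It materialises the consequences of a small constructed attack ontology over two constructed sensor events using forward-chaining rules in the style of the OWL 2 RL rule set (subclass and sub-property inheritance, domain and range, and a someValuesFrom restriction on the subclass side). All class names, properties and events (ex:PortScan, ex:targets, ex:evt1 and so on) are assumptions made for the illustration.

```python
"""Forward-chaining materialisation over a small network-attack ontology.

Added example, not taken from any cited system. Vocabulary and events are
constructed for illustration only.
"""
from collections import defaultdict

RDF_TYPE = "rdf:type"
SUBCLASS = "rdfs:subClassOf"
SUBPROP = "rdfs:subPropertyOf"
DOMAIN = "rdfs:domain"
RANGE = "rdfs:range"

# Constructed TBox: class hierarchy and property axioms (all expressible in OWL 2 RL).
TBOX = {
    ("ex:PortScan", SUBCLASS, "ex:Reconnaissance"),
    ("ex:Reconnaissance", SUBCLASS, "ex:Attack"),
    ("ex:SQLInjection", SUBCLASS, "ex:WebAttack"),
    ("ex:WebAttack", SUBCLASS, "ex:Attack"),
    ("ex:DatabaseServer", SUBCLASS, "ex:Host"),
    ("ex:targets", DOMAIN, "ex:Attack"),
    ("ex:targets", RANGE, "ex:Host"),
    ("ex:exploits", SUBPROP, "ex:targets"),
}

# Existential axioms of the form (exists p.D) subClassOf C, stored as (p, D, C).
# OWL 2 RL permits someValuesFrom only on the subclass side, which is this form.
SVF_AXIOMS = [("ex:targets", "ex:DatabaseServer", "ex:DataAttack")]

# Constructed ABox: two events as a hypothetical sensor might assert them.
ABOX = {
    ("ex:evt1", "ex:exploits", "ex:db01"),
    ("ex:db01", RDF_TYPE, "ex:DatabaseServer"),
    ("ex:evt2", RDF_TYPE, "ex:PortScan"),
    ("ex:evt2", "ex:targets", "ex:web01"),
}


def _index(triples):
    """Group triples by predicate: predicate -> {(subject, object)}."""
    by_pred = defaultdict(set)
    for s, p, o in triples:
        by_pred[p].add((s, o))
    return by_pred


def _apply_rules(triples, svf_axioms):
    """One round of rule application; returns every triple the rules produce."""
    idx = _index(triples)
    new = set()
    sub = idx[SUBCLASS]
    for c, d in sub:                      # scm-sco: subClassOf is transitive
        for d2, e in sub:
            if d == d2:
                new.add((c, SUBCLASS, e))
    for x, c in idx[RDF_TYPE]:            # cax-sco: types propagate up the hierarchy
        for c2, d in sub:
            if c == c2:
                new.add((x, RDF_TYPE, d))
    for p, q in idx[SUBPROP]:             # prp-spo1: sub-property inheritance
        for s, o in idx[p]:
            new.add((s, q, o))
    for p, c in idx[DOMAIN]:              # prp-dom: subject of p is an instance of c
        for s, _ in idx[p]:
            new.add((s, RDF_TYPE, c))
    for p, c in idx[RANGE]:               # prp-rng: object of p is an instance of c
        for _, o in idx[p]:
            new.add((o, RDF_TYPE, c))
    for p, d, c in svf_axioms:            # cls-svf1 style: (exists p.D) subClassOf C
        for s, o in idx[p]:
            if (o, d) in idx[RDF_TYPE]:
                new.add((s, RDF_TYPE, c))
    return new


def materialise(tbox, svf_axioms, abox):
    """Closure under the rules above. The loop terminates because the vocabulary
    is finite and no rule introduces new individuals."""
    triples = set(tbox) | set(abox)
    while True:
        derived = _apply_rules(triples, svf_axioms) - triples
        if not derived:
            return triples
        triples |= derived


def types_of(triples, individual):
    """All classes the closure assigns to an individual."""
    return {o for s, p, o in triples if s == individual and p == RDF_TYPE}


if __name__ == "__main__":
    closure = materialise(TBOX, SVF_AXIOMS, ABOX)
    for ind in ("ex:evt1", "ex:evt2", "ex:db01"):
        print(ind, sorted(types_of(closure, ind)))
```

Note that ex:evt1 was never asserted to be an attack at all: its classification as ex:Attack and ex:DataAttack follows purely from the ontology (exploits is a sub-property of targets, targets has domain Attack, and the target is a DatabaseServer). That is the kind of inference the syntactic rule sets mentioned in the introduction cannot make without every such combination being spelled out by hand.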
2.2 Malware classification
The classification of malware is a very complex discipline because there are no clear boundaries between the different groups of malware; characteristics are often shared by different types of malware. Many attributes and state changes have to be considered to detect a piece of malware, and this complexity also results in problems with the naming and the classification of malware. Good classification and naming schemes support the sharing of information across organisations, facilitate the detection of new threats, and assist with risk assessment in quarantine and clean-up (Bailey et al., 2007). Bailey et al. also highlight that the complexity of modern malware makes the classification process increasingly difficult, especially in terms of consistency and completeness. Another problem is the rapid increase in the number and diversity of Internet malware. There are a number of malware naming schemes, for example the CARO scheme, but no commonly accepted standard scheme exists.
Automated malware detection and classification systems currently classify malware inconsistently across products, their results tend to be incomplete, and they fail to be concise in their semantics (Bailey et al., 2007). Some of the available analysis systems are Cuckoo Sandbox, Malwr, VirusTotal and YARA.
The first recommendation in the JASON cyber report (MITRE, 2010) is that the cybersecurity community should develop vocabularies and ontologies such that a common language and a set of basic concepts can be developed for a shared understanding. This report was commissioned by the United States Department of Defense.
Mundie and McIntire (2013) state that: "Nowhere in the cybersecurity community is the lack of a common vocabulary, and the problems it causes, more apparent than in malware analysis." Mundie also stated on a podcast (Mundie & Allen): "And in my view, all the other aspects of a science - the statistics, hypothesis testing, etc. - all of that can only be built on top of that shared understanding that the report highlighted."
A growing number of researchers are investigating the use of semantic technologies to develop more efficient malware classification systems (Mundie & McIntire, 2013; Tafazzoli & Sadjadi, 2008; Huang et al., 2010; Chiang & Tsuar, 2010).
2.3 Military knowledge management and military ontologies
The modern military environment is faced with an overwhelming amount of information from heterogeneous sources that has to be processed, integrated, interpreted and exploited in order to gain situational awareness. The development and application of military-related ontologies have grown tremendously in the past 10 years. Curts and Campbell (2005) stated that "...the sorts of semantic interoperability provided by ontology technology are indispensable" in attempting to improve our understanding of Command and Control (C2). A useful website, Military Ontology, provides an ontological resource for military domains (http://militaryontology.com/index.html).
A number of efforts have been devoted to developing ontologies for military applications and we mention a few of these below. Lombard et al. (2012) developed an ontology for countermeasures against military aircraft. Belk & Noyes (2012) used an ontology to categorise all operations in cyber space. Smith et al. (2009) presented a process for constructing a concise, modular, and extensible core C2 ontology. Their aim was to support interoperability in a military environment by building a core ontology that can be extended with sub-domain ontologies. Nguyen et al. (2010) discussed the development of a set of ontologies for use in messaging systems within the military and first responder C2 applications.
Many military applications use an ontology as a supporting system for simulations. Haberlin et al. (2011), for example, developed a simulation to evaluate a Hypothesis Management Engine.
2.4 Other cyber defence applications
A few other application areas in cyber defence for which ontological approaches have been developed are discussed in this section.
Obrst et al. (2012) have done work in support of the development of an ontology of the cybersecurity domain that will enable data integration across disparate data sources. They propose a number of resources for the envisioned ontology, ranging from domain-specific resources, languages and vocabularies to ontologies and schemas. Their ontology is currently focused on malware, but they propose the inclusion of actors, victims, infrastructure and capabilities.
Ontologies have been developed to support cybersecurity policy implementation: Jansen van Vuuren et al. (2014) developed an ontology to support the implementation of the South African National Cybersecurity Policy. Due to the many role players, functions and relations that are involved in such an implementation, the authors present an ontology to represent the environment in which the policy implementation is to be done. Cuppens-Boulahia et al. (2008) proposed an ontology-based approach to instantiate new security policies to counteract network attacks.
Oltramari & Lebiere (2013) present requirements for building a cognitive system for decision support with the capability of simulating defensive and offensive cyber operations, employing a semantic approach that includes the use of ontologies. Brinson et al. (2006) created an ontology for the purpose of finding the correct layers for specialisation, certification and education within the cyber forensics domain.
3. Emerging trends in the cyber domain
Although there are a number of emerging trends in the cyber domain, we focus on three main trends relevant for cyber defence: the creation of interoperability and platforms for the sharing of information, the development of global sources of information in specialised sub-domains, and the application of Big Data research techniques and results in cyber defence.
3.1 Cybersecurity information sharing, knowledge representation and interoperability
"[The] Semantic Web in its most general aim is about interoperability being needed in almost all areas of research and business" (Grobelnik et al. 2012).
Formal models of cybersecurity information, vocabularies, standardised representations, data formats and exchange protocols are required to share cybersecurity information effectively in the cybersecurity community. Significant effort has been made to categorise cybersecurity information and standardise data formats and protocols (Hernandez-Ardieta & Tapiador, 2013). According to Dandurand & Serrano (2013), current practices and supporting technologies limit the ability of organisations to share information securely with trusted partners. These authors give an overview of a number of cybersecurity standards and initiatives that have been developed, such as the European Information Sharing and Alert System (EISAS) (ENISA, 2011) and the languages and structures developed by the MITRE corporation: Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE) and others (Martin, 2008). Adoption of standards is improving, but recently subject-matter experts from the RSA organisation stated that:
"Data standards for describing and transmitting threat information have advanced significantly, but much progress is needed to extend existing standards and drive wider adoption in vendor solutions. [...] Threat information-sharing and collaboration programs help organizations augment their expertise and capabilities in detecting and remediating advanced threats, but most sharing programs are hindered by a heavy reliance on manually intensive, non-scalable processes and workflows." (Hartman, 2012).
Janowicz & Hitzler (2012) cite the publication of one's own data as one example of the added value of semantics: the creation of intelligent metadata enables researchers to support the discovery and reuse of their data. They also stress the shift from developing increasingly complex software to the creation of metadata, which will make future applications more usable, flexible and robust. Smart data is a term for information that makes sense, for example when patterns in a dataset have been identified and interpreted; smart data is made possible by semantic technology (Cambridge Semantics). Ontologies should be used to restrict the interpretation of domain vocabularies towards their intended meaning and to reduce the risk of combining unsuitable data and models, something which purely syntactic approaches or natural language representations often fail to do (Kuhn, 2005).
3.2 Using big data research outputs for cyber defence
Big data refers to volumes of data that are too large to be handled by traditional data processing systems. Big Data Analytics refers to advanced analytics techniques such as machine learning, predictive analytics and other intelligent processing techniques. Linked Data refers to a way of representing structured data so that it can be interlinked with other data and thereby enriched.
One of the necessary steps to obtain interoperability is to encourage other research disciplines, such as the Big Data and Linked Data communities, to collaborate with the semantics research community. Grobelnik et al. (2012) performed a quick test by looking at the number of hits on Google for the key words "Big Data" (20 million), "Semantic Web" (9 million) and "Big Data & Semantic Web" (0.3 million). They also searched for the number of appearances of "semantic" in the four leading books published in 2011 on "Big Data" and found very few occurrences.
Janssen & Grady (2013) explore the use of Big Data technologies augmented by ontologies to improve cybersecurity. They note that these technologies have the potential to revolutionise the handling of large volumes of cyber data. One way in which Big Data Analytics will be effective in the cyber domain is to identify patterns rather than processing collections of pages. Janssen and Grady also maintain that semantic technologies are crucial for the handling of big datasets across multiple domains. Few inroads have yet been made to integrate big datasets. These researchers argue that integration ontologies will have to be developed to provide metadata for browsing and querying: the integrating ontology should automatically construct queries to the Big Data repository. A significant challenge in using ontologies for automated data analytics across datasets that requires attention is probabilistic reasoning, since analysis will have to be done under some uncertainty. Probabilistic reasoning applies logic and probability theory to make predictions when uncertain or incomplete information is available.
3.3 Global cyber attack detection systems and automation
Numerous organisations across the globe detect and gather information regarding cyber attacks, network intrusions and malware. Standard, shared systems should be developed to collate and encourage information sharing to enable improved protection against cyber events. However, due to the vast amount of information and the speed at which cyber attacks take place, timely decision making and automated responses are required and the use of ontologies to accomplish this goal is important (Dandurand & Serrano, 2013). A 2008 review of existing security ontologies stated that the security community requires a complete security ontology that addresses insufficiencies in existing ontologies and provides reusability, communication and knowledge sharing (Blanco et al., 2008). Similarly, there should be a standard malware classification system and vocabulary.
Obrst et al. (2012) have made an attempt at creating an ontology for the cyber domain. They are using an initial ontology that is mainly focused on malware, but present a discussion of the development of an ontology for the whole domain. They give a description of the potential ontologies and standards that can be used in the global ontology; these resources include cyber and malware standards, schemas and technologies, foundational or upper ontologies, and utility ontologies. An overview of a possible architecture is also given.
Janssen & Grady (2013) also propose the development of a cyber domain ontology that will contain all knowledge necessary for assessment, decision, planning and response in this domain. They base their proposal on the fact that system awareness currently resides in the minds of large numbers of cyber professionals, and argue that this information should be gathered in a single repository. Although it is a daunting task, the researchers argue that the recent successes of ontology engineering and the high stakes in the cybersecurity domain make it necessary to solve the problem on a national level. In the view of the authors of this paper, this argument applies on an international level as well.
There are issues such as trust and willingness to share which will also have to be addressed.
4. Emerging trends in the semantics research community
Scalable reasoning methods and stream reasoning are two emerging areas in the semantics community that should be noted by the cyber defence community. These methods can support the building of more efficient cyber defence systems.
4.1 Scalable reasoning methods
Scalability is a feature of a system that enables it to accommodate growth. The primary purpose of providing meaning to data is to facilitate reasoning about the data, so as to be able to perform sophisticated tasks such as intelligent search and data integration. Reasoning is an expensive computational endeavour that is frequently intractable. One of the major challenges in this regard is the development of scalable reasoning methods. In recent years there have been a number of breakthroughs in the design of scalable ontology languages. The most important of these are the three profiles of the Web Ontology Language OWL 2: OWL 2 EL, OWL 2 QL and OWL 2 RL (Motik et al.). All three profiles are sub-languages of OWL 2, each designed expressly for representing a particular group of ontologies, and each gives up part of the expressivity of full OWL 2 DL in return for reasoning procedures that run in polynomial time. The focus on specific groups of ontologies makes it possible to design reasoning methods with very attractive computational properties. To get a sense of the difference between the three profiles, it is important to understand that there is a distinction to be drawn between data and an ontology, the latter being used to provide meaning to the data.
OWL 2 EL is designed for scenarios in which the ontology is large and complicated, but with fairly small amounts of data underlying it. A representative example of a large OWL 2 EL ontology is the medical ontology SNOMED CT (http://www.ihtsdo.org/snomed-ct/), with more than 300 000 active concepts and more than 1 000 000 relationships between the concepts. With SNOMED CT represented as an ontology in OWL 2 EL, modern reasoning methods are able to classify all of its concepts (compute the complete subsumption hierarchy) in a matter of seconds, a feat that was considered impossible about 15 years ago.
OWL 2 QL, on the other hand, is designed for cases in which the ontology is relatively small but spans large amounts of data. It is typically used by employing the ontology as a semantic layer into which large database systems are plugged (QL stands for Query Language). This enables users to query a database through the semantic layer, obtaining answers that take the ontology into account. The power of OWL 2 QL lies in the development of techniques by which queries posed through the ontology are rewritten as standard database queries (in the simplest case a union of SQL queries), so that the stored data itself never has to be modified or expanded. This makes it possible to exploit existing efficient database query engines, and has the potential for very fast and efficient querying.
Finally, OWL 2 RL exploits the fact that many domains of interest can be represented using rule-like statements, and adopts existing techniques for reasoning efficiently with rule-based systems. The expressive power (expressivity) of a language is the range of things, or ideas, that the language can describe. OWL 2 RL is aimed at applications that require scalable reasoning without sacrificing too much expressive power: it is designed to accommodate OWL 2 applications that can trade the full expressivity of the language for efficiency, as well as RDF(S) applications that need some added expressivity. OWL 2 RL reasoning systems can be implemented using rule-based reasoning engines that materialise the consequences of the rules. Ontology consistency, class expression satisfiability, class expression subsumption, instance checking and conjunctive query answering can all be solved in time that is polynomial with respect to the size of the ontology. The RL acronym reflects the fact that reasoning in this profile can be implemented using a standard rule language.
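The query-rewriting technique behind the "semantic layer over a database" of OWL 2 QL, as an added example written for this overview (not the paper's own code nor that of any cited project): the ontology is a handful of subclass, sub-property, domain and range axioms, the data sits untouched in a relational table, and a query for "all instances of class C" is rewritten into a union of parameterised SQL selects that an ordinary database engine answers without any reasoning at run time. The TBox, the triples in the table and the class names are constructed assumptions; the table layout (one row per triple) is the simplest possible mapping and is likewise an assumption.

```python
"""OWL 2 QL-style query rewriting against a relational store (sqlite, stdlib).

Added example; vocabulary, data and table layout are constructed for illustration.
"""
import sqlite3

RDF_TYPE = "rdf:type"
SUBCLASS = "rdfs:subClassOf"
SUBPROP = "rdfs:subPropertyOf"
DOMAIN = "rdfs:domain"
RANGE = "rdfs:range"

# Constructed TBox within the OWL 2 QL fragment (hierarchies, domain and range).
TBOX = [
    ("ex:PortScan", SUBCLASS, "ex:Reconnaissance"),
    ("ex:Reconnaissance", SUBCLASS, "ex:Attack"),
    ("ex:SQLInjection", SUBCLASS, "ex:Attack"),
    ("ex:targets", DOMAIN, "ex:Attack"),
    ("ex:targets", RANGE, "ex:Host"),
    ("ex:exploits", SUBPROP, "ex:targets"),
]

# Constructed data: only what sensors asserted; nothing inferred is stored.
DATA = [
    ("ex:evt1", RDF_TYPE, "ex:PortScan"),
    ("ex:evt2", "ex:exploits", "ex:db01"),
    ("ex:evt3", RDF_TYPE, "ex:SQLInjection"),
    ("ex:evt4", RDF_TYPE, "ex:Benign"),
]


def _descendants(tbox, node, relation):
    """All X with X relation* node (reflexive, transitive), e.g. all subclasses."""
    result, frontier = {node}, [node]
    while frontier:
        cur = frontier.pop()
        for x, r, y in tbox:
            if r == relation and y == cur and x not in result:
                result.add(x)
                frontier.append(x)
    return result


def rewrite_instances_of(tbox, cls):
    """Rewrite 'instances of cls' into (sql, params): one SELECT per subclass,
    plus one per (sub-)property whose domain or range is such a subclass.
    Ontology terms travel as bound parameters, never by string interpolation."""
    selects, params = [], []
    for c in sorted(_descendants(tbox, cls, SUBCLASS)):
        selects.append("SELECT s AS x FROM data WHERE p = ? AND o = ?")
        params += [RDF_TYPE, c]
        for prop, rel, target in tbox:
            if target == c and rel in (DOMAIN, RANGE):
                col = "s" if rel == DOMAIN else "o"   # fixed identifiers, not user input
                for q in sorted(_descendants(tbox, prop, SUBPROP)):
                    selects.append(f"SELECT {col} AS x FROM data WHERE p = ?")
                    params.append(q)
    return "\nUNION\n".join(selects), params


def query(tbox, data, cls):
    """Load the constructed data into an in-memory table and run the rewritten query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE data (s TEXT, p TEXT, o TEXT)")
    conn.executemany("INSERT INTO data VALUES (?, ?, ?)", data)
    sql, params = rewrite_instances_of(tbox, cls)
    rows = conn.execute(sql, params).fetchall()
    conn.close()
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    sql, params = rewrite_instances_of(TBOX, "ex:Attack")
    print(sql, params, sep="\n")
    print(query(TBOX, DATA, "ex:Attack"))   # evt2 is found although it is never typed
```

The practical caveat a deployment has to plan for is the size of the rewriting: every subclass and every property reachable from the queried class adds a branch to the UNION, so a query over a deep hierarchy can expand into hundreds of selects. Rewriting therefore pays off when the ontology is small and the data large, which is precisely the situation OWL 2 QL is meant for; with a large, deep ontology the materialisation approach of OWL 2 RL is usually the better trade.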
4.2 Stream reasoning
Most of the currently available semantic technologies are based on the assumption that information is static. This is, of course, not a realistic assumption, and one of the important trends in this area is the development of tools able to deal with dynamic information that changes over time. A particularly useful scenario to consider is one where an incremental flow of data is available. Examples of this include data obtained from sensor network monitoring, traffic engineering, RFID tags applications, telecom call recording, medical record management, financial applications, and clickstreams, and are frequently referred to as streams of data. Clearly, information needed for ensuring cyber security falls in this category as well. Reasoning over such streams of data is referred to as stream reasoning (Della Valle et al., 2009). The goal of stream reasoning is to draw relevant conclusions and react to new situations with minimal delays. It is needed to support a variety of important functionalities in autonomous systems such as situation awareness, execution monitoring, and decision-making.
What is needed for efficient, intelligent stream reasoning is the provision of the abstractions, foundations, methods, and tools required to integrate data streams and existing reasoning systems, and there is broad consensus that the ability to reason about streaming data to cope with the increasing amount of dynamic data on the web is the next big step in semantic technologies (Della Valle et al., 2009).
The research agenda for this challenge has been picked up by a number of research groups internationally (Stuckenschmidt et al., 2010). At its core is the goal to combine existing semantic technologies with data streams in order to perform stream reasoning. Work has been done on the foundations of real-time reasoning on data streams as they become available (Beck et al., 2014). It has also led to alternative abstractions for representing and querying semantic streams of data. Various forms of deductive and inductive stream reasoning have been investigated (Barbieri et al., 2010). In terms of improving the efficiency of stream reasoning methods, the exploitation of the temporal order of data streams has been recognised as a key optimisation method for stream reasoning. In a similar vein, parallelisation and distribution techniques for stream reasoning have been investigated (Albeladi, 2012).
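The defining feature of stream reasoning, as opposed to reasoning over a static knowledge base, is that conclusions are tied to a window over the stream and must be withdrawn once their supporting facts have left that window. The following added example (written for this overview, not code from any of the cited stream-reasoning systems) shows that mechanism on a constructed stream of connection events: a time-based sliding window is maintained incrementally, a derived fact PortScan(src, dst) is asserted when one source has touched at least a threshold number of distinct destination ports on one host within the window, and it is retracted again when the supporting events expire. The window width, the threshold and the flow records are all assumptions.

```python
"""Window-based stream reasoning over connection events (added example).

Stream contents, window width and threshold are constructed assumptions.
"""
from collections import defaultdict, deque

# Constructed flow records: (timestamp in seconds, src, dst, dst_port).
STREAM = [
    (0, "10.0.0.5", "10.0.1.10", 22),
    (1, "10.0.0.5", "10.0.1.10", 80),
    (2, "10.0.0.9", "10.0.1.10", 443),
    (3, "10.0.0.5", "10.0.1.10", 443),
    (4, "10.0.0.5", "10.0.1.10", 8080),   # 4 distinct ports within 10 s: PortScan holds
    (20, "10.0.0.5", "10.0.1.10", 3306),  # the earlier support has expired by now
    (21, "10.0.0.9", "10.0.1.10", 443),
]


class WindowReasoner:
    """Keeps a time-based sliding window over the stream and keeps the derived
    facts PortScan(src, dst) consistent with the window: a fact is asserted when
    its support enters the window and retracted when that support expires.
    Evaluation happens on arrival of each event, as in window-based query
    languages over RDF streams."""

    def __init__(self, window=10, threshold=4):
        self.window = window
        self.threshold = threshold
        self.events = deque()                                   # events inside the window
        self.ports = defaultdict(lambda: defaultdict(int))      # (src, dst) -> port -> count
        self.derived = set()                                    # PortScan facts currently true
        self.log = []                                           # (ts, "assert"|"retract", src, dst)

    def _reevaluate(self, now, key):
        """Re-check the rule for one (src, dst) pair and record any change."""
        holds = len(self.ports[key]) >= self.threshold
        if holds and key not in self.derived:
            self.derived.add(key)
            self.log.append((now, "assert", *key))
        elif not holds and key in self.derived:
            self.derived.discard(key)
            self.log.append((now, "retract", *key))

    def _evict(self, now):
        """Drop events older than the window and withdraw conclusions they supported."""
        while self.events and self.events[0][0] <= now - self.window:
            _, src, dst, port = self.events.popleft()
            key = (src, dst)
            self.ports[key][port] -= 1
            if self.ports[key][port] == 0:
                del self.ports[key][port]
            self._reevaluate(now, key)

    def push(self, event):
        """Feed one event; returns the set of PortScan facts true after it."""
        ts, src, dst, port = event
        self._evict(ts)
        self.events.append(event)
        self.ports[(src, dst)][port] += 1
        self._reevaluate(ts, (src, dst))
        return set(self.derived)


def run(stream, window=10, threshold=4):
    """Replay a stream and return the assert/retract history of derived facts."""
    reasoner = WindowReasoner(window, threshold)
    for event in stream:
        reasoner.push(event)
    return reasoner.log


if __name__ == "__main__":
    for entry in run(STREAM):
        print(entry)
```

Two design points carry over to real systems. First, eviction is driven by the timestamps in the stream rather than by wall-clock time, so replaying a capture gives the same assert/retract history as live processing did. Second, the retraction is recorded at the moment the next event arrives, not at the instant the window would have expired; a system that must react within a bounded delay, as Section 4.2 requires, has to add a timer that evaluates the window even when the stream is silent.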
5. Conclusion
This paper considers the application of semantic technologies for cyber defence by giving an overview of existing applications, identifying emerging trends in semantic applications for cyber defence, and identifying emerging trends in the semantics research community which may be important for future research in cyber defence. These emerging trends also serve as the authors' recommendations for future research areas in the domain:
* Development of formal models and data standards and formats for the representation and sharing of cybersecurity information.
* Development of techniques to process and analyse Big Data in the cybersecurity domain.
* Advancement of automated cyber attack detection systems.
* Application of scalable reasoning methods and stream reasoning techniques to advance cyber defence systems.
References
Albeladi, R. (2012) "Distributed Reasoning on Semantic Data Streams", 11th International Semantic Web Conference (ISWC), LNCS, Vol 7650, pp. 433-436.
Bailey, M., Oberheide, J., Andersen, J., Mao, Z. M., Jahanian, F., and Nazario, J. (2007) "Automated Classification and Analysis of Internet Malware", International Symposium on Recent Advances in Intrusion Detection (RAID'07).
Balepin, I., Maltsev, S., Rowe, J. and Levitt, K. (2003) Using specification-based intrusion detection for automated response. Recent Advances in Intrusion Detection, Springer, pp. 136-154.
Barbieri, D.F., Braga, D., Ceri, S., Valle, E.D., Huang, Y., Tresp, V., Rettinger, A., and Wermser, H. (2010) "Deductive and Inductive Stream Reasoning for Semantic Social Media Analytics", IEEE Intelligent Systems, pp. 32-41.
Beck, H., Dao-Tran, M., Eiter, T. and Fink, M. (2014) "Towards a Logic-Based Framework for Analyzing Stream Reasoning", 3rd International Workshop on Ordering and Reasoning.
Berners-Lee, T., Hendler, J. and Lassila, O. (2001) "The Semantic Web", Scientific American, Vol 284, No. 5.
Belk, R. and Noyes, M. (2012) "On the Use of Offensive Cyber Capabilities", Master's thesis, Harvard Kennedy School. http://www.dtic.mil/docs/citations/ADA561817.
Bhandari, P. and Guiral, M.S. (2014) "Ontology Based Approach for Perception of Network Security State", Recent Advances in Engineering and Computational Sciences (RAECS).
Bio, L.F. "Semantic Web vs. Semantic Technologies", Cambridge Semantics. Retrieved Oct 15 from http://www.cambridgesemantics.com/semantic-university/semantic-web-vs-semantic-technologies
Blanco, C., Lasheras, J., Valencia-García, R., Fernández-Medina, E., Toval, A., and Piattini, M. (2008) "A Systematic Review and Comparison of Security Ontologies", Third International Conference on Availability, Reliability and Security.
Brinson, A., Robinson, A. and Rogers, M. (2006) "A Cyber Forensics Ontology: Creating a New Approach to Studying Cyber Forensics", Digital Investigation, Vol 3S, pp. 37-43.
Cambridge Semantics. "Smart Data". Retrieved from http://www.cambridgesemantics.com/technology/smart-data-explained [3 Dec 2014]
Chiang, H.-S. and Tsuar, W.-J. (2010) "Ontology-based Mobile Malware Behavioural Analysis", IEEE Second International Conference on Social Computing (SocialCOM 2010).
Cuppens-Boulahia, N., Cuppens, F., de Vergara, J.E.L. and Vazquez, E. (2008) "An Ontology-based Approach to React to Network Attacks", 3rd International Conference on Risks and Security of Internet and Systems (CRiSIS '08).
Curts, R.J. and Campbell, D.E. (2005) "Building an Ontology for Command & Control", 10th International Command and Control Research and Technology Symposium.
Dandurand, L. and Serrano, O.S. (2013) "Towards Improved Cyber Security Information Sharing", 5th International Conference on Cyber Conflict. NATO CCD COE Publications, Tallinn.
Della Valle, E., Ceri, S., van Harmelen, F. and Fensel, D. (2009) "It's a Streaming World! Reasoning Upon Rapidly Changing Information", IEEE Intelligent Systems, Vol 24, No. 6, pp. 83-89.
ENISA. (2011) "EISAS (enhanced) report on implementation", Retrieved 23 Oct 2014 from https://www.enisa.europa.eu/activities/cert/other-work/eisas_folder/eisas-report-on-implementation-enhanced
Grobelnik, M., Mladenic, D. and Fortuna, B. (2012) "Semantic Web in 10 years", ISWC2012 Workshop on "What will the Semantic Web look like in 10 years from now".
Gruber, T. (1993) "A translation approach to portable ontology specifications", Knowledge Acquisition, Vol 5.
Haberlin, R., Da Costa, P. C. G. and Laskey, K.B. (2011) "An Ontology for Hypothesis Management in the Maritime Domain", 16th International Command and Control Research and Technology Symposium.
Hartman, B. M. (2012) "RSA Security Brief February 2012, Breaking Down Barriers to Collaboration in the Fight Against Advanced Threats", Retrieved 23 Oct 2014 from http://www.emc.com/collateral/industry-overview/11652-h9084-aptbdb-brf-0212-online.pdf
Hernandez-Ardieta, J.L. and Tapiador, J.E. (2013) "Information Sharing Models for Cooperative Cyber Defence.", 5th International Conference on Cyber Conflict. NATO CCD COE Publications.
Huang, H.-D., Chuang, T.-Y., Tsai, Y.-L., and Lee, C.-S. (2010) "Ontology-based Intelligent System for Malware Behaviour Analysis" IEEE World Congress on Computational Intelligence (WCCI 2010).
Janowicz, K. and Hitzler, P. (2012) "Key Ingredients for Your Next Semantics Elevator Talk", Advances in Conceptual Modeling, LNCS, Vol 7518, pp. 213-220.
Jansen van Vuuren, J.; Leenen, L. and Zaaiman, J. (2014) "Using an Ontology as a Model for the Implementation of the National Cybersecurity Policy Framework for South Africa", 9th International Conference on Cyber Warfare & Terrorism.
Janssen, T. and Grady, N. (2013) "Big Data for Combating Cyber Attacks", Semantic Technology for Intleligence, Defense, and Security (STIDS 2013).
Kuhn, W. (2005) "Geospatial semantics: Why, of what, and how?", Journal on Data Semantics III. Vol 3534 of LNCS, pp. 587-587.
Lombard, N., Gerber, A. and van der Merwe, A. (2012) "Using Formal Ontologies in the Development of Countermeasures for Military Aircraft", Eighth Australasian Ontology Workshop.
Martin, R. (2008) :Making Security Measurable and Manageable", IEEE Military Communications Conference.
MITRE. (2010) "Science of Cybersecurity", (JSR-10-102) MITRE Corporation. Retrieved 23 Oct 2014 from http://fas.org/irp/agency/dod/jason/cyber.pdf
Motik, B., Cuenca Grau, B., Horrocks I., Whu, Z., Fokoue, A. and Lutz, C. "OWL 2 Web Ontology Language Profiles (Second Edition)", Retrieved on 24 Oct 2014 from http://www.w3.org/TR/owl2-profiles.
Mundie, D. and Allen, J. "Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity", Retrieved 5 Feb 2014 from CERT: http://www.cert.org/podcast/show/20130509mundie.html
Mundie, D. and McIntire, D. M. (2013) "An Ontology for Malware Analysis", International Conference on Availability, Reliability and Security.
Nguyen, D.N., Kopena, J.B., Loo, B.T. and Regli, W.C. (2010) "Ontologies for Distributed Command and Control Messaging", Sixth International Conference on Formal Ontology in Information Systems.
Orbst, L. Chase, P. and Markeloff, R. (2012) "Developing an Ontology of the Cyber Security Domain" Semantic Technology for Intelligence, Defense, and Security (STIDS 2012).
Oltramari, A. and Lebiere, C. (2013) "Towards a Cognitive System for Decision Support in Cyber Operations", Semantic Technology for Intelligence, Defense, and Security (STIDS 2013)
Salahi, A. and Ansarinia, M. (2011) "Predicting Network Attacks Using Ontology-Driven Inference", Retrieved on 15 Oct 2014 from http://arxiv.org/ftp/arxiv/papers/1304/1304.0913.pdf
Smith, B., Miettinen, K. and Mandrivk, W. (2009) "The Ontology of Command and Control", 14th International Command and Control Research and Technology Symposium.
Stuckenschmidt H., Ceri S., Della Valle E. and van Harmelen F. (2010) "Towards Expressive Stream Reasoning", Semantic Challenges in Sensor Networks, Dagstuhl Seminar Proceedings 10042.
Tafazzoli, T. and Sadjadi, S. H. (2008) "Malware Fuzzy Ontology for Semantic Web", International Journal of Computer Science and Network Security, Vol 8, No. 7.
van Heerden, R., Leenen, L., and Irwin, B. (2013) "Automated classification of computer network attacks", International Conference on Adaptive Science and Technology (ICAST 2013).
Ye, D., Bai, Q., Zhang, M., and Ye, Z. (2008) "P2P distributed intrusion detections by using mobile agents", Seventh IEEE/ACIS International Conference on Computer and Information Science.
Louise Leenen (1) and Thomas Meyer (2)
(1) DPSS, CSIR, South Africa
(2) CAIR, CSIR Meraka, and School of Maths, Stats and CS, University of KwaZulu-Natal, South Africa
Copyright Academic Conferences International Limited 2015