Title: Description of a network attack ontology presented formally
Authors: Van Heerden, Renier P; Leenen, L; Irwin, B
Editors: Misra, S; Tyagi, AK
Type: Book Chapter
Published in: Artificial Intelligence for Cyber Security: Methods, Issues and Possible Horizons or Opportunities (Springer)
Date issued: 2021-06
Record dates: 2022-01-10; 2022-01-10
ISBN: 978-3-030-72235-7; 978-3-030-72236-4
DOI: https://doi.org/10.1007/978-3-030-72236-4_14
Handle: http://hdl.handle.net/10204/12210
Repository: ResearchSpace (CSIR), https://researchspace.csir.co.za
Language: en
Availability: Fulltext
Keywords: Distributed Denial-of-Service; DDoS; Network attack ontology; SCO attack; Taxonomy

Citation: Van Heerden, R.P., Leenen, L. & Irwin, B. 2021. Description of a network attack ontology presented formally. In Artificial Intelligence for Cyber Security: Methods, Issues and Possible Horizons or Opportunities. S. Misra & A. Tyagi, Eds. S.l.: Springer. http://hdl.handle.net/10204/12210

Abstract:

The identification of network attacks in real-time is becoming increasingly important. Most Artificial Intelligence (AI) applications use machine learning to do the classification of attack types but the advantage of an ontological approach is that automated reasoning is the underpinning theory rather than automated learning. Automated reasoners allow automated classification and this powerful feature is the basis for the developing of an early warning system for active network attacks. In this paper, the authors describe how to employ Semantic Technologies by building an ontology to identify network attack types in order to support the automated classification of current network attacks by recognising relevant properties which are then mapped to relevant attack scenarios depicted in the ontology. The ontology engineering guidelines provided by Noy and McGuinness (2001) were used to build the ontology. The classes and relationships of the ontology are described formally and implemented in Protégé, an ontology editor. A core class in the ontology is the Attack Scenario class that represents different types of network attacks, for example, a Denial of Service attack. The ontology is evaluated by showing two examples of real attacks that are correctly classified by the presented ontology. The presented ontology is to be expanded in future work.

The aim of this paper is not to present a complete network attack ontology, but rather to present a proof of the concept of how to formally describe such an ontology, with the view to providing a baseline for future development of details. Row examples are explored to demonstrate how specific instances of attacks are classified using the ontology.