Abstract

In today's digital era, the escalating complexity and volume of cybersecurity threats demand sophisticated methods for identifying and responding to incidents. Academic sources with practice-oriented annotations are often useful for developing effective threat responses. Traditional text annotation methods often fall short of capturing the nuanced relationships and semantic structures in complex academic texts. To address this challenge, we propose a method to represent the output of manual ontology-driven text annotations as a knowledge graph (KG). We apply this method to Internet of Things (IoT) cybersecurity scenarios in which best practices must be matched to given threat profiles (Khan and Niazi, 2021; Kandasamy et al., 2021). We test this using semantic web technologies that enable cybersecurity text annotations and formal, deterministic extractions, covering several IoT scenarios (Chaki et al., 2019). The study focuses on articles from 1,355 academic journals in computer science and information systems, obtained from Semantic Scholar, based on a selection of computer science and information systems journals according to the Scimago and ABDC rankings. These abstracts are manually annotated using the DKPro Inception platform to target cybersecurity incident response strategies based on the D3FEND-ATT&CK (Strom et al., 2018) ontology developed by MITRE (Kaloroumakis and Smith, 2020). The authors leveraged the DKPro Cassis library in Python to build a KG extending the semantic structure of the D3FEND ontology, identifying commonalities among texts with SPARQL queries, all integrated within Stanford Protégé. The outcome of this work can be applied to infer response tactics according to incident conditions and to recommend literature based on formal response guidelines. In the next iteration of this work, a Large Language Model (LLM) will be tested alongside an extended KG and rules to ensure semantic coherence.

References

Chaki, S., Chaki, R., & Cortesi, A. (2019). Ontology-based IoT cybersecurity: An analysis. Future Internet, 11(5), 108.
Kaloroumakis, P. E., & Smith, M. J. (2020). Toward a Knowledge Graph of Cybersecurity Countermeasures. Report by MITRE D3FEND. https://next.d3fend.mitre.org/resources/D3FEND.pdf
Kandasamy, K., Karthikeyan, P., & Jawahar, A. (2021). IoT security ontology using semantic technologies. Journal of Network and Computer Applications, 178, 103-123.
Khan, N., & Niazi, M. (2021). Leveraging knowledge graphs for cybersecurity incident response and threat intelligence. Computers & Security, 104, 102203.
Strom, B. E., Applebaum, A., Miller, D. P., Nickels, K. C., Pennington, A., & Thomas, C. B. (2018). MITRE ATT&CK: Design and philosophy. MITRE Technical Report.
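The abstract describes a pipeline (manual span annotations over abstracts, a KG whose edges point at D3FEND technique classes, SPARQL joins to find abstracts that share techniques). The Python below is an added illustration of that pipeline and is not the authors' code. It assumes the D3FEND base IRI and uses illustrative technique labels and a hypothetical annotation namespace; the annotation records are constructed in place of what iterating a CAS via DKPro Cassis would yield, and a small in-Python pattern matcher stands in for a SPARQL engine so the example runs offline. The equivalent SPARQL query is included as a string for use in a triple store or Protégé.

```python
"""Annotations -> RDF-style triples -> 'which abstracts share a D3FEND technique'."""
from collections import defaultdict
from dataclasses import dataclass

# Namespaces. The D3FEND base IRI is assumed (not given on the page);
# the annotation namespace is hypothetical, chosen for this example.
D3F = "http://d3fend.mitre.org/ontologies/d3fend.owl#"
EX = "http://example.org/iot-annotations#"
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"


@dataclass(frozen=True)
class Annotation:
    """One manual span annotation: abstract id, character offsets, technique label."""
    doc: str
    begin: int
    end: int
    label: str


# Constructed sample standing in for cassis output; labels are illustrative only.
SAMPLE_ANNOTATIONS = [
    Annotation("abstract-001", 12, 40, "NetworkTrafficFiltering"),
    Annotation("abstract-001", 55, 73, "FirmwareVerification"),
    Annotation("abstract-002", 5, 31, "NetworkTrafficFiltering"),
    Annotation("abstract-003", 20, 48, "FirmwareVerification"),
    Annotation("abstract-003", 60, 80, "NetworkTrafficFiltering"),
]


def build_graph(annotations):
    """Turn annotations into a set of (subject, predicate, object) triples."""
    triples = set()
    for a in annotations:
        doc = f"{EX}{a.doc}"
        span = f"{EX}{a.doc}/span/{a.begin}-{a.end}"
        technique = f"{D3F}{a.label}"
        triples.add((doc, RDF_TYPE, f"{EX}Abstract"))
        triples.add((doc, f"{EX}hasSpan", span))
        triples.add((span, f"{EX}begin", a.begin))
        triples.add((span, f"{EX}end", a.end))
        triples.add((span, f"{EX}denotes", technique))
        # Shortcut edge so the commonality query is a single join.
        triples.add((doc, f"{EX}mentionsTechnique", technique))
    return triples


def match(triples, pattern, binding=None):
    """Minimal basic-graph-pattern matcher; variables start with '?'.

    Performs the join a SPARQL engine would, returning a list of binding dicts.
    """
    binding = binding or {}
    if not pattern:
        return [binding]
    head, *rest = pattern
    results = []
    for triple in triples:
        b, ok = dict(binding), True
        for term, value in zip(head, triple):
            if isinstance(term, str) and term.startswith("?"):
                if term in b and b[term] != value:
                    ok = False
                    break
                b[term] = value
            elif term != value:
                ok = False
                break
        if ok:
            results.extend(match(triples, rest, b))
    return results


def shared_techniques(triples):
    """{(abstract_a, abstract_b): {technique IRIs both mention}} for a < b."""
    pattern = [("?a", f"{EX}mentionsTechnique", "?t"),
               ("?b", f"{EX}mentionsTechnique", "?t")]
    shared = defaultdict(set)
    for b in match(triples, pattern):
        if b["?a"] < b["?b"]:  # one row per unordered pair
            shared[(b["?a"], b["?b"])].add(b["?t"])
    return dict(shared)


# The same query in SPARQL, for a triple store or Protégé's SPARQL tab.
SPARQL_SHARED = f"""PREFIX ex: <{EX}>
SELECT ?a ?b ?t WHERE {{
  ?a ex:mentionsTechnique ?t .
  ?b ex:mentionsTechnique ?t .
  FILTER(STR(?a) < STR(?b))
}}"""


def to_ntriples(triples):
    """Serialize as N-Triples so the graph can be loaded beside the D3FEND ontology."""
    xsd_int = "http://www.w3.org/2001/XMLSchema#integer"
    term = lambda v: f"<{v}>" if isinstance(v, str) else f'"{v}"^^<{xsd_int}>'
    return "\n".join(f"{term(s)} {term(p)} {term(o)} ." for s, p, o in sorted(triples, key=str))


if __name__ == "__main__":
    graph = build_graph(SAMPLE_ANNOTATIONS)
    print(to_ntriples(graph))
    for (a, b), techs in sorted(shared_techniques(graph).items()):
        print(a.rsplit("#", 1)[1], b.rsplit("#", 1)[1], sorted(t.rsplit("#", 1)[1] for t in techs))
```

On the constructed sample, abstracts 001 and 003 share both techniques while the other two pairs share only NetworkTrafficFiltering; in the authors' setting the same join over the real graph is what surfaces literature with overlapping response guidance.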

Comments

tpp1248
