The identification of network attacks in real time is becoming increasingly important. Most Artificial Intelligence (AI) applications use machine learning to classify attack types, but the advantage of an ontological approach is that automated reasoning, rather than automated learning, is the underpinning theory. Automated reasoners allow automated classification, and this powerful feature is the basis for the development of an early warning system for active network attacks. In this paper, the authors describe how to employ Semantic Technologies by building an ontology to identify network attack types, in order to support the automated classification of current network attacks by recognising relevant properties which are then mapped to the relevant attack scenarios depicted in the ontology. The ontology engineering guidelines provided by Noy and McGuinness (2001) were used to build the ontology. The classes and relationships of the ontology are described formally and implemented in Protégé, an ontology editor. A core class in the ontology is the Attack Scenario class, which represents different types of network attacks, for example a Denial of Service attack. The ontology is evaluated by showing two examples of real attacks that are correctly classified by the presented ontology. The presented ontology is to be expanded in future work. The aim of this paper is not to present a complete network attack ontology, but rather to present a proof of concept of how to formally describe such an ontology, with the view to providing a baseline for future development of details. Two examples are explored to demonstrate how specific instances of attacks are classified using the ontology.
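The classification step described above, as an added illustration that is not the paper's ontology or code: observed properties of an attack are matched against attack-scenario classes whose membership is given by necessary-and-sufficient conditions, which is how an OWL reasoner under Protégé classifies an individual into defined classes. All class, property and value names below are constructed for the example.

```python
"""Stand-in for reasoner-based classification of a network attack into
attack-scenario classes. Each scenario is a defined class: an individual
belongs iff it carries every (property, value) condition. Names are
constructed for this example, not taken from the paper's ontology."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    """A defined class with necessary-and-sufficient membership conditions."""
    name: str
    conditions: frozenset


# Constructed scenario classes; more conditions means a more specific class.
SCENARIOS = [
    Scenario("NetworkAttack", frozenset({("targets", "NetworkService")})),
    Scenario("DenialOfService", frozenset({("targets", "NetworkService"),
                                           ("effect", "ServiceUnavailable")})),
    Scenario("DistributedDenialOfService", frozenset({("targets", "NetworkService"),
                                                      ("effect", "ServiceUnavailable"),
                                                      ("sourceCount", "Many")})),
    Scenario("PortScan", frozenset({("targets", "NetworkService"),
                                    ("effect", "Reconnaissance")})),
]
BY_NAME = {s.name: s for s in SCENARIOS}


def inferred_superclasses(name):
    """Class-level reasoning: A is subsumed by B when A's conditions include B's."""
    cond = BY_NAME[name].conditions
    return sorted(s.name for s in SCENARIOS if s.name != name and s.conditions < cond)


def classify(observed):
    """Individual-level reasoning: every defined class whose conditions hold."""
    return sorted(s.name for s in SCENARIOS if s.conditions <= observed)


def most_specific(observed):
    """Direct types: inferred classes that no other inferred class specialises."""
    types = classify(observed)
    return [t for t in types if not any(t in inferred_superclasses(u) for u in types)]


# Constructed observations built from properties recognised in live traffic.
OBSERVED_FLOOD = frozenset({("targets", "NetworkService"), ("effect", "ServiceUnavailable"),
                            ("sourceCount", "Many"), ("protocol", "UDP")})
OBSERVED_SCAN = frozenset({("targets", "NetworkService"), ("effect", "Reconnaissance")})

if __name__ == "__main__":
    print(most_specific(OBSERVED_FLOOD))  # ['DistributedDenialOfService']
    print(classify(OBSERVED_SCAN))        # ['NetworkAttack', 'PortScan']
```

An observation that satisfies no defined class receives no type at all, which is the case an early warning system would flag as an unrecognised scenario rather than force into a class.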
Reference:
Van Heerden, R.P., Leenen, L. & Irwin, B. 2021. Description of a network attack ontology presented formally. In Artificial Intelligence for Cyber Security: Methods, Issues and Possible Horizons or Opportunities. S. Misra & A. Tyagi, Eds. S.l.: Springer. http://hdl.handle.net/10204/12210.