Towards automation of threat modeling based on a semantic model of attack patterns and weaknesses

by Andrei Brazhuk, et al.

This work considers the challenges of building and using a formal knowledge base (model) that unites the ATT&CK, CAPEC, CWE, and CVE security enumerations. The proposed model can be used to learn relations between attack techniques, attack patterns, weaknesses, and vulnerabilities in order to build various threat landscapes, in particular for threat modeling. The model is created as an ontology with freely available datasets in the OWL and RDF formats. The use of ontologies is an alternative to structural and graph-based approaches for integrating the security enumerations. In this work we consider an approach to threat modeling with the data components of ATT&CK, based on the knowledge base and an ontology-driven threat modeling framework. We also make some evaluations of how the ontological approach to threat modeling can be used and which challenges it may face.




