Towards automation of threat modeling based on a semantic model of attack patterns and weaknesses

12/08/2021
by Andrei Brazhuk, et al.

This work considers the challenges of building and using a formal knowledge base (model) that unites the ATT&CK, CAPEC, CWE, and CVE security enumerations. The proposed model can be used to learn the relations between attack techniques, attack patterns, weaknesses, and vulnerabilities in order to build various threat landscapes, in particular for threat modeling. The model is created as an ontology, with freely available datasets in the OWL and RDF formats. The use of ontologies is an alternative to structural and graph-based approaches for integrating the security enumerations. In this work we consider an approach to threat modeling with the data components of ATT&CK, based on the knowledge base and an ontology-driven threat modeling framework. We also evaluate how the ontological approach to threat modeling can be used and which challenges it may face.

01/14/2018

Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions

Current threat models typically consider all possible ways an attacker c...
05/28/2021

Social Engineering in Cybersecurity: A Domain Ontology and Knowledge Graph Application Examples

Social engineering has posed a serious threat to cyberspace security. To...
04/29/2020

Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the 'Hacktivist' Threat to Critical Infrastructure

The hacktivist threat actor is listed in many risk decision documents. Y...
08/25/2021

Towards Dynamic Threat Modelling in 5G Core Networks Based on MITRE ATT&CK

This article discusses how the gap between early 5G network threat asses...
03/15/2022

Threat Detection for General Social Engineering Attack Using Machine Learning Techniques

This paper explores the threat detection for general Social Engineering ...
03/08/2019

ABC: A Cryptocurrency-Focused Threat Modeling Framework

Cryptocurrencies are an emerging economic force, but there are concerns ...
02/08/2021

OntoEnricher: A Deep Learning Approach for Ontology Enrichment from Unstructured Text

Information Security in the cyber world is a major cause for concern, wi...