Where to Kill the Cyber Kill-Chain: An Ontology-Driven Framework for IoT Security Analytics

Abstract

In this paper we propose an ontology-based framework for the Internet of Things (IoT) to safeguard against Advanced Persistent Threats (APTs). The framework captures the attack kill-chain together with the attack patterns and vulnerabilities it leverages, and aligns them with network semantics to gauge their applicability to IoT systems. It then automatically infers efficient solutions to changing attack tactics by performing a cost-benefit analysis of viable countermeasures through rule-based ontology reasoning. Our work builds on existing ontologies of well-known Cyber Threat Intelligence (CTI) standards, extending them with new concepts and aligning them with a novel IoT ontology. The framework automatically extracts relevant information from XML-based threat feeds, populates it as ontology instances, and maps it to IoT configurations to perform the desired reasoning. The practicality of the approach is illustrated by evaluating a sample IoT network against a variety of real-world APTs.
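The reasoning pipeline the abstract describes, as an added Python example that is not the paper's own code or ontology: a constructed XML threat feed is parsed into attack-pattern instances, only the patterns whose vulnerability some device in a constructed IoT configuration actually carries are kept, and a cost-benefit rule picks the kill-chain step that is cheapest to break relative to how much of the chain it denies. All pattern, vulnerability and countermeasure identifiers and costs are constructed placeholders, and the two plain-Python rules stand in for the paper's rule-based ontology reasoning.

```python
import xml.etree.ElementTree as ET

# Cyber kill-chain phases in attack order (Lockheed Martin naming).
PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command-and-control", "actions"]

# Constructed threat feed, not a real CTI feed: every attack pattern names
# its kill-chain phase and the vulnerability it needs (constructed IDs).
FEED_XML = """<feed>
  <pattern id="AP-1" phase="reconnaissance" exploits="V-OPEN-TELNET"/>
  <pattern id="AP-2" phase="delivery" exploits="V-DEFAULT-CREDS"/>
  <pattern id="AP-3" phase="installation" exploits="V-UNSIGNED-FW"/>
  <pattern id="AP-4" phase="actions" exploits="V-PLAINTEXT-MQTT"/>
  <pattern id="AP-5" phase="exploitation" exploits="V-BLE-PAIRING"/>
</feed>"""

# Constructed IoT configuration: device -> vulnerabilities present on it.
IOT_CONFIG = {"cam-01": {"V-OPEN-TELNET", "V-DEFAULT-CREDS", "V-UNSIGNED-FW"},
              "hub-01": {"V-PLAINTEXT-MQTT"}}

# Constructed countermeasure catalogue: vulnerability -> (action, cost).
COUNTERMEASURES = {"V-OPEN-TELNET": ("disable telnet", 6),
                   "V-DEFAULT-CREDS": ("rotate credentials", 2),
                   "V-UNSIGNED-FW": ("enforce signed firmware", 8),
                   "V-PLAINTEXT-MQTT": ("enable TLS on broker", 5)}

def parse_feed(xml_text):
    """Turn each <pattern> element of the feed into one instance (a dict)."""
    return [dict(p.attrib) for p in ET.fromstring(xml_text).findall("pattern")]

def applicable_chain(patterns, config):
    """Rule 1: a pattern applies only if some device carries the vulnerability
    it exploits. The applicable steps are returned in kill-chain order."""
    present = set().union(*config.values())
    steps = [p for p in patterns if p["exploits"] in present]
    return sorted(steps, key=lambda p: PHASES.index(p["phase"]))

def where_to_kill(chain, catalogue):
    """Rule 2 (cost-benefit): fixing step i denies steps i..n, so its benefit
    is len(chain) - i; pick the step with the best benefit/cost ratio and,
    on ties, the earliest phase. Returns (pattern id, action, ratio)."""
    best = None
    for i, step in enumerate(chain):
        action, cost = catalogue[step["exploits"]]
        ratio = (len(chain) - i) / cost
        if best is None or ratio > best[2]:
            best = (step["id"], action, ratio)
    return best
```

With the constructed values, AP-5 is dropped because no device has V-BLE-PAIRING, and the chain is broken at the delivery step (rotating credentials) rather than at reconnaissance, because disabling telnet was given a higher cost.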

DOI: 10.1109/FIT.2016.013

Cite this paper

@article{Mohsin2016WhereTK,
  title={Where to Kill the Cyber Kill-Chain: An Ontology-Driven Framework for IoT Security Analytics},
  author={Mujahid Mohsin and Zahid Anwar},
  journal={2016 International Conference on Frontiers of Information Technology (FIT)},
  year={2016},
  pages={23-28}
}