Where to Kill the Cyber Kill-Chain: An Ontology-Driven Framework for IoT Security Analytics

Abstract

In this paper we propose an ontology-based framework for the Internet of Things (IoT) to safeguard against Advanced Persistent Threats (APTs). The framework captures the attack kill-chain together with the attack patterns and vulnerabilities an APT leverages, and aligns them with network semantics to determine which of them apply to a given IoT system. It then automatically infers efficient responses to changing attack tactics by performing a cost-benefit analysis of viable countermeasures through rule-based ontology reasoning. Our work leverages existing ontologies of well-known Cyber Threat Intelligence (CTI) standards, extending them with new concepts and aligning them with a novel IoT ontology. The framework automatically extracts relevant information from XML-based threat feeds, populates it as ontology instances and maps it onto IoT configurations to perform the desired reasoning. The practicality of the approach is illustrated by evaluating a sample IoT network against a variety of real-world APTs.
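
The abstract describes a three-step pipeline: extract attack patterns from an XML threat feed, map them onto the IoT configuration to decide where they apply, and reason over candidate countermeasures by cost and benefit per kill-chain stage. The following Python example is added here to make that pipeline concrete; it is not the paper's implementation and uses no ontology engine. The XML schema, the feed entries, the device inventory, the feature names and the cost/benefit numbers are all constructed for the illustration, and the net-benefit selection rule is an assumption standing in for whatever rules the paper's reasoner encodes. The stage names are the standard Lockheed Martin kill-chain stages.

```python
"""Added illustration of the abstract's pipeline: parse an XML threat feed, map attack
patterns onto an IoT inventory, pick countermeasures per kill-chain stage by cost-benefit.
Schema, feed, inventory, costs and benefits are all constructed for this example."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Kill-chain stages in order; the resulting plan is keyed by these.
KILL_CHAIN = ["reconnaissance", "weaponization", "delivery", "exploitation",
              "installation", "command_and_control", "actions_on_objectives"]

# Constructed feed in a made-up schema (not STIX or CAPEC); ids and names are illustrative.
THREAT_FEED_XML = """<feed>
  <attack_pattern id="AP-1" name="Default credential login" stage="exploitation">
    <requires feature="telnet"/>
    <requires feature="default_credentials"/>
    <countermeasure id="CM-1" action="change default credentials" cost="1" benefit="9"/>
    <countermeasure id="CM-2" action="disable telnet" cost="3" benefit="8"/>
  </attack_pattern>
  <attack_pattern id="AP-2" name="Unauthenticated firmware update" stage="installation">
    <requires feature="http_firmware_update"/>
    <countermeasure id="CM-3" action="require signed firmware" cost="6" benefit="9"/>
    <countermeasure id="CM-4" action="firewall the update endpoint" cost="2" benefit="4"/>
  </attack_pattern>
  <attack_pattern id="AP-3" name="Service banner probing" stage="reconnaissance">
    <requires feature="telnet"/>
    <countermeasure id="CM-2" action="disable telnet" cost="3" benefit="8"/>
  </attack_pattern>
</feed>"""

# Constructed IoT inventory: device -> enabled features (the network-semantics side).
IOT_CONFIG = {
    "camera-01": {"telnet", "default_credentials", "http_firmware_update"},
    "thermostat-02": {"https_firmware_update", "mqtt"},
    "gateway-03": {"telnet", "mqtt"},
}

def parse_feed(xml_text):
    """Extract attack patterns as plain dicts (stand-ins for ontology instances).
    Parse feeds you do not control with defusedxml.ElementTree, not xml.etree,
    to block entity-expansion attacks."""
    patterns = []
    for ap in ET.fromstring(xml_text).iter("attack_pattern"):
        cms = {c.get("id"): {"action": c.get("action"), "cost": int(c.get("cost")),
                             "benefit": int(c.get("benefit"))}
               for c in ap.findall("countermeasure")}
        patterns.append({"id": ap.get("id"), "name": ap.get("name"), "stage": ap.get("stage"),
                         "requires": {r.get("feature") for r in ap.findall("requires")},
                         "countermeasures": cms})
    return patterns

def applicable(patterns, devices):
    """Applicability rule: a pattern applies to a device when every prerequisite
    feature it names is enabled there. Returns pattern id -> set of device names."""
    hits = defaultdict(set)
    for p in patterns:
        for dev, feats in devices.items():
            if p["requires"] <= feats:
                hits[p["id"]].add(dev)
    return hits

def choose_countermeasures(patterns, devices):
    """Per stage, pick the countermeasure with the highest net benefit (benefit summed
    over the applicable patterns it mitigates, minus cost); ties go to the cheaper
    option, then to the lexically smaller id."""
    hits = applicable(patterns, devices)
    plan = {}
    for stage in KILL_CHAIN:
        live = [p for p in patterns if p["stage"] == stage and hits[p["id"]]]
        if not live:
            continue
        cand = {}
        for p in live:
            for cm_id, cm in p["countermeasures"].items():
                c = cand.setdefault(cm_id, {"action": cm["action"], "cost": cm["cost"],
                                            "benefit": 0, "covers": set()})
                c["benefit"] += cm["benefit"]
                c["covers"].add(p["id"])
        best = min(cand, key=lambda k: (cand[k]["cost"] - cand[k]["benefit"], cand[k]["cost"], k))
        plan[stage] = {"countermeasure": best, "action": cand[best]["action"],
                       "net_benefit": cand[best]["benefit"] - cand[best]["cost"],
                       "covers": sorted(cand[best]["covers"]),
                       "devices": sorted(set().union(*(hits[p["id"]] for p in live)))}
    return plan

def earliest_break(plan):
    """First kill-chain stage with an applicable countermeasure: the earliest point
    at which the chain can be cut for this inventory."""
    return next((s for s in KILL_CHAIN if s in plan), None)

if __name__ == "__main__":
    plan = choose_countermeasures(parse_feed(THREAT_FEED_XML), IOT_CONFIG)
    for stage, rec in plan.items():
        print(f"{stage:>16}: {rec['countermeasure']} ({rec['action']}), "
              f"net {rec['net_benefit']}, devices {rec['devices']}")
    print("earliest break point:", earliest_break(plan))
```

Two caveats a practitioner would want. First, the selection here is greedy per stage, so a countermeasure that serves several stages at once (disabling telnet cuts both the reconnaissance and the exploitation pattern in the constructed feed) is not credited across stages; a real reasoner would optimise over the whole chain. Second, threat feeds are external input: xml.etree is used only because the feed is embedded and trusted, and a production parser should use defusedxml or an equivalent hardened parser.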

DOI: 10.1109/FIT.2016.013
