Cybersecurity Ontology for Dynamic Analysis of IT Systems
Jakub Pastuszuk, Patryk Burek, Bogdan Księżopolski
Abstract
Today’s IT systems are characterized by a high complexity and the increasing number of sub-systems, as well as the physical equipment needed. That raises the problem of keeping the whole architecture secure, as it has been revealed in recent years by numerous scandals related to data leaks from inadequately secured systems. Several ontology-based approaches tied to the cybersecurity domain have been developed aiming at solving the problem of identifying vulnerabilities in real world systems. Unfortunately, these approaches do not address the essential problem: since real IT system architectures are dynamic and highly variable, it is necessary to enable real-time inventory and observation of all system components, as well as to retrieve up-to-date data about those systems and potential risks. The current paper has a threefold purpose. First, we examine the existing cybersecurity ontologies and identify the deficiencies that prevent us from using them in real, dynamic IT systems. Next, we introduce and propose a framework based on the Dynamic CyberSecurity Ontology, which fills the existing gaps in current solutions. Finally, we outline a monitoring system based on the developed ontology, which implements automatic data mining mechanisms that aggregate results from dynamic knowledge sources, such as Shodan or Censys. As a result, the ontological examination of systems over time becomes possible.