Using Ontologies in Cybersecurity Field

Abstract

1 IntroductionThe evolution and expansion of the internet facilitated by great developments in fields such as Big Data, Artificial Intelligence and Machine Learning led to a great change in the virtual environment. The internet transitioned from an environment designed for humans to one where both humans and machines exist and interact. The Semantic Web was first introduced by Tim Berners-Lee et al back in 2001, Berners-Lee being no one else, but the creator of World Wide Web (abbreviated WWW). [1] Since then, the Semantic Web technologies became widespread with applications in various fields. The transition from machine readable information to machine understandable information is possible by expressing the information in languages such as RDF and OWL. [2]In this article the authors discuss how Semantic Web technologies can be used in Cybersecurity field. Cybersecurity is arguably a very complex and extensive domain, whose activities can be classified in two: those undertaken to design an optimal system, with as few vulnerabilities as possible and those that are taken as a result of the problems that appear after the system is operational. While the first type of activities have a relatively common approach to improve security for programming developers, the second is a cat and mouse game, where as soon as a black hat hacker manages to find (and exploit) a type of vulnerability, the system experts work to solve it. In contrast to the white hat hackers, the black hat hackers access and perform actions on a computer system illegally, without the owner's permission, in order to gain personal advantages. One of the objectives of this article is to recognize and discuss actions that can be done between the two types of activities described above, with the help of Semantic Web technologies.The authors propose a framework based on Semantic Web technologies which aims to extract and analyse text in natural (human) language available online and provide results that can improve Cybersecurity. As Abbasi et al point out, there is a lack of research that explores automated identification and characterization of expert hackers within online communities [3].Section 2 presents the main semantic web standards which are considered for the model proposed. Section 3 discusses the borders in which Semantic Web technologies can be used to improve Cybersecurity. The authors describe the types of results expected, based on different types of online sources. They also analyse the types of input data, which consists in any online source about Cybersecurity which may link with black hat hacking. Section 4 highlights the main solutions for web data extraction, illustrates the main differences between scrapers and crawlers and compares the main characteristics of crawlers. Section 5 presents a framework which detects potential Cybersecurity threats based on Semantic Web technologies, as well as the data flow of the model. The 6th section display the authors' conclusion and future work.2Semantic Web StandardsSemantic Web is an extension of World Wide Web, where unstructured data is interpreted by machines through ontologies. Borrowed from philosophy, in IT, ontologies are considered explicit, formal definitions of the entities of reality, based on classes, relations and individuals. Essentially, ontologies are tools that provide to the machines the means of understanding natural language. If machines can properly interpret hacker community's discussions then it is likely that cybersecurity field can be improved.For the model described below, the authors expect to develop ontologies by using the following standards: XML (Extensible Markup Language), RDF (Resource Description Framework), RDFS (Resource Description Framework Schema), OWL (Web Ontology Language) and SPARQL (SPARQL Protocol and RDF Query Language). Figure 1 illustrates the main concepts and abstractions as well as the semantic web specifications and solutions. …