demonstrating that a cyber ontology can aid in
the detection of attacks.
Aid in extending
the current CybOnt to address the attack
signatures and patterns in sample data using tools like SNORT, Wireshark, and Network Miner.
Modify CybOnt A/T-Box and H1/H0 patterns. Use SNORT have
toolset rules, e.g., weird looking IP datagrams.
data into CybOnt and pass by OWL API via OWLLink to an open source OWL reasoner
such as FaCT++, JFact,
HermiT, Pellet, and RacerPro
to entail typeInstance relationships between
the A-box instance data and the T-Box H1 and H0 patterns.
Develop use cases
for cyber scenarios and vignettes of interest. Then follow a systematic procedure to
derive information and cyber ontology requirements from those use
ontology patterns and the Cyber Schema data elements. First assemble the ontology patterns
that cover the use case information requirements. Then identify data model and schema
elements that are relevant to the use case information requirements. Next rationally reconstruct them into
the formal ontologic structure. From an ontological viewpoint, an
interesting starting point for OCO might be to just reverse engineer the
more well-developed DCO ontologies, and apply
trace-to sample and simulated cyber sensor data to ontology elements.
Ingest the relevant Cyber data (e.g., DARPA PLAN X and XDATA, TWITTER,
GPS, Wi-Fi, and/or CENTCOM Red team data) into CybOnt
in a manner in which it can be ingested into the DCGS-A Cloud platform. As well, ingest cyber sensor data
generated from simulators (e.g., JCSS, Cyber Virtual Ad hoc Network (CyberVAN)). Extract the data based on the developed
cyber ontology, store into the database, run the prototype/demonstrator
cyber SA analytic. This will
involve software development not just of the prototype algorithm but also
the loader and translator from the raw sensor data to the CybOnt.
As the cyber
ontology is developed, it is then tested against prototype and
demonstration cyber analytic and fusion algorithms to ensure its
utility. This is expected to
reveal the need for refinements in the cyber ontology to support the
analytics and fusion algorithms that will contribute to cyber SA and to
indicate the role of contextual influences.