2016-03-CYBONT – Cyber Ontology and Data Fusion

Ref ID:

CYBONT

Job Title:

Cyber Data Fusion Software Engineer

Location:

DC Metro area, Aberdeen Proving Grounds, MD

Job Description:

There is a growing set of data model and schema elements pertaining to cyber operations such as:

a.             Malware Attribute Enumeration and Characterization (MAEC)

b.             Cyber Observable Expression (CybOX™)

c.             Structured Threat Information eXpression (STIX™),

d.             Common Weakness Enumeration (CWE™),

e.             Common Vulnerabilities and Exposures (CVE), and

f.              Common Attack Pattern Enumeration and Classification (CAPEC).

While these are immensely valuable, they have two capability gaps.  The objective of this work is the development of a mathematical ontology for cyber events, entities and their associations and intentions – cyber Situation Awareness (SA) – and associated cyber Command and Control (C2) - DoDIN Ops, Defensive Cyber Operations (DCO), and Offensive Cyber Operations (OCO).  Where the cyber ontology (CybOnt) comes in is with the exchange of detailed and unambiguous – mathematically structured – information between the various nodes, National to and from BCT.  In the sensor and data fusion world this is called Distributed Data Fusion (DDF) and, for the distributed and diverse algorithms to produce accurate estimates, it is essential that the exchanged data be unambiguous and interoperable. 

Required skills:

·         Software engineering in DoD environment

·         Programming mathematical algorithms

·         Distributed data processing (e.g., Map/Reduce)

·         Processing of cyber sensors data

·         Inference, analytics, detection, and/or data fusion algorithms

Desired skills:

•      Knowledge and/or experience with Tactical Cloud Reference Architecture (TCRI)

•      JDL Data Fusion levels

•      Hypothesis testing algorithms

•      Data modeling

•      Ontology development

•      Experience with Army cyber systems such as EW PMT, DCGS-A

•      RDF/OWL

•      Cyber ranges and simulators

Task areas:

•      Assist in demonstrating that a cyber ontology can aid in the detection of attacks.

•      Aid in extending the current CybOnt to address the attack signatures and patterns in sample data using tools like SNORT, Wireshark, and Network Miner.

•      Modify CybOnt A/T-Box and H1/H0 patterns.  Use SNORT have toolset rules, e.g., weird looking IP datagrams. 

•      Populate instance data into CybOnt and pass by OWL API via OWLLink to an open source OWL reasoner such as FaCT++, JFact, HermiT, Pellet, and RacerPro to entail typeInstance relationships between the A-box instance data and the T-Box H1 and H0 patterns. 

•      Develop use cases for cyber scenarios and vignettes of interest.  Then follow a systematic procedure to derive information and cyber ontology requirements from those use cases. 

•      Leverage existing ontology patterns and the Cyber Schema data elements.  First assemble the ontology patterns that cover the use case information requirements.  Then identify data model and schema elements that are relevant to the use case information requirements.  Next rationally reconstruct them into the formal ontologic structure.  From an ontological viewpoint, an interesting starting point for OCO might be to just reverse engineer the more well-developed DCO ontologies, and apply their inverse.

•      Generalize and trace-to sample and simulated cyber sensor data to ontology elements. Ingest the relevant Cyber data (e.g., DARPA PLAN X and XDATA, TWITTER, GPS, Wi-Fi, and/or CENTCOM Red team data) into CybOnt in a manner in which it can be ingested into the DCGS-A Cloud platform.  As well, ingest cyber sensor data generated from simulators (e.g., JCSS, Cyber Virtual Ad hoc Network (CyberVAN)). Extract the data based on the developed cyber ontology, store into the database, run the prototype/demonstrator cyber SA analytic.  This will involve software development not just of the prototype algorithm but also the loader and translator from the raw sensor data to the CybOnt.

•      As the cyber ontology is developed, it is then tested against prototype and demonstration cyber analytic and fusion algorithms to ensure its utility.  This is expected to reveal the need for refinements in the cyber ontology to support the analytics and fusion algorithms that will contribute to cyber SA and to indicate the role of contextual influences.

Experience:

5+ years software engineering

Education:

• BS/BA - PhD
• Computer / Information Science
• Mathematics or physical sciences
• Systems / Electrical / Electronics Engineering

Other:

DoD Secret preferably with current TS/SCI

Email your resume to Dave McDaniel, President, at David.McDaniel@SilverBulletInc.com, for a speedy response.