Book Chapter

Automated Reasoning over Provenance-Aware Communication Network Knowledge in Support of Cyber-Situational Awareness

17 Aug 2018, pp. 132-143
TL;DR: This paper presents a novel framework for capturing provenance-aware network knowledge to enable automated reasoning for network applications that require cyber-situational awareness.
Abstract: Cyber-situational awareness is crucial to applications such as network monitoring and management, vulnerability assessment, and defense. To gain improved cyber-situational awareness, analysts can benefit from automated reasoning-based frameworks. However, such frameworks would require the processing of enormous amounts of network data, which are characterized by syntactic variability. The formal representation of networking concepts, their properties, and interrelations using RDF can narrow the interoperability gaps between routing information and network semantics. Formal knowledge representation also enables automated reasoning, which facilitates network knowledge discovery by making implicit statements explicit. However, capturing and reasoning over the provenance of RDF statements, which is essential to build analysts’ trust in automated support tools, is not trivial. This paper presents a novel framework for capturing provenance-aware network knowledge to enable automated reasoning for network applications that require cyber-situational awareness.
Citations
Journal Article
TL;DR: A critical review of data models, annotation frameworks, knowledge organization systems, serialization syntaxes, and algebras that enable provenance-aware RDF statements and their limitations can serve as the basis for novel approaches in RDF-powered applications with increasing provenance needs.
Abstract: Expressing machine-interpretable statements in the form of subject-predicate-object triples is a well-established practice for capturing semantics of structured data. However, the standard used for representing these triples, RDF, inherently lacks the mechanism to attach provenance data, which would be crucial to make automatically generated and/or processed data authoritative. This paper is a critical review of data models, annotation frameworks, knowledge organization systems, serialization syntaxes, and algebras that enable provenance-aware RDF statements. The various approaches are assessed in terms of standard compliance, formal semantics, tuple type, vocabulary term usage, blank nodes, provenance granularity, and scalability. This can be used to advance existing solutions and help implementers to select the most suitable approach (or a combination of approaches) for their applications. Moreover, the analysis of the mechanisms and their limitations highlighted in this paper can serve as the basis for novel approaches in RDF-powered applications with increasing provenance needs.

39 citations


Cites methods from "Automated Reasoning over Provenance..."

  • ...the knowledge domain of communications networks, earlier we introduced a quad-based RDF provenance capturing approach [40], GraphSource, and developed a provenance-...

Journal Article
TL;DR: A novel anomaly detection approach using FS, called Anomaly Detection Using Feature Selection (ADUFS), has been introduced and the performance results have been compared with six other state-of-the-art techniques based on a decision tree.
Abstract: Anomaly detection from Big Cybersecurity Datasets is very important; however, this is a very challenging and computationally expensive task. Feature selection (FS) is an approach to remove irrelevant and redundant features and select a subset of features, which can improve the machine learning algorithms’ performance. In fact, FS is an effective preprocessing step of anomaly detection techniques. This article’s main objective is to improve and quantify the accuracy and scalability of both supervised and unsupervised anomaly detection techniques. In this effort, a novel anomaly detection approach using FS, called Anomaly Detection Using Feature Selection (ADUFS), has been introduced. Experimental analysis was performed on five different benchmark cybersecurity datasets with and without feature selection and the performance of both supervised and unsupervised anomaly detection techniques was investigated. The experimental results indicate that instead of using the original dataset, a dataset with a reduced number of features yields better performance in terms of true positive rate (TPR) and false positive rate (FPR) than the existing techniques for anomaly detection. For example, with FS, a supervised anomaly detection technique, multilayer perceptron increased the TPR by over 200% and decreased the FPR by about 97% for the KDD99 dataset. Similarly, with FS, an unsupervised anomaly detection technique, local outlier factor increased the TPR by more than 40% and decreased the FPR by 15% and 36% for Windows 7 and NSL-KDD datasets, respectively. In addition, all anomaly detection techniques require less computational time when using datasets with a suitable subset of features rather than entire datasets. Furthermore, the performance results have been compared with six other state-of-the-art techniques based on a decision tree (J48).

12 citations

Book Chapter
01 Jan 2019
TL;DR: The formal knowledge representation of cyberspace concepts and properties in the form of upper and domain ontologies that capture the semantics of network topologies and devices, information flow, vulnerabilities, and cyberthreats can be used for application-specific, situation-aware querying and knowledge discovery via automated reasoning.
Abstract: Network vulnerability checking, automated cyberthreat intelligence, and real-time cybersituational awareness require task automation that benefits from formally described conceptual models. Knowledge organization systems, including controlled vocabularies, taxonomies, and ontologies, can provide the network semantics needed to turn raw network data into valuable information for cybersecurity specialists. The formal knowledge representation of cyberspace concepts and properties in the form of upper and domain ontologies that capture the semantics of network topologies and devices, information flow, vulnerabilities, and cyberthreats can be used for application-specific, situation-aware querying and knowledge discovery via automated reasoning. The corresponding structured data can be used for network monitoring, cybersituational awareness, anomaly detection, vulnerability assessment, and cybersecurity countermeasures.

11 citations

Book Chapter
01 Jan 2020
TL;DR: The Packet Analysis Ontology (PAO) is presented, a novel OWL ontology that covers the terminology of packet analysis, including concepts and properties, as well as their restrictions, to be used for knowledge representation and automated reasoning in this field.
Abstract: The automation of packet analysis, even partially, is very much desired, because packet analysis is time-consuming and requires technical knowledge and skills. This paper presents the Packet Analysis Ontology (PAO), a novel OWL ontology that covers the terminology of packet analysis, including concepts and properties, as well as their restrictions, to be used for knowledge representation and automated reasoning in this field. This ontology defines protocols and ports required for capturing the semantics of network activities, many of which are not defined in any other ontology.

9 citations

Book Chapter
01 Jan 2019
TL;DR: This chapter describes formal knowledge representation formalisms to capture the semantics of communication network concepts, their properties, and the relationships between them, in addition to metadata such as data provenance, and how the expressivity of these knowledge representation mechanisms can be increased to represent uncertainty and vagueness.
Abstract: For network analysts, understanding how network devices are interconnected and how information flows around the network is crucial to the cyber-situational awareness required for applications such as proactive network security monitoring. Many heterogeneous data sources are useful for these applications, including router configuration files, routing messages, and open datasets. However, these datasets have interoperability issues, which can be overcome by using formal knowledge representation techniques for network semantics. Formal knowledge representation also enables automated reasoning over statements about network concepts, properties, entities, and relationships, thereby enabling knowledge discovery. This chapter describes formal knowledge representation formalisms to capture the semantics of communication network concepts, their properties, and the relationships between them, in addition to metadata such as data provenance. It also describes how the expressivity of these knowledge representation mechanisms can be increased to represent uncertainty and vagueness.

6 citations

References
Journal Article
TL;DR: YAGO2 as mentioned in this paper is an extension of the YAGO knowledge base, in which entities, facts, and events are anchored in both time and space, and it contains 447 million facts about 9.8 million entities.

1,186 citations

Proceedings Article
10 May 2005
TL;DR: The extension of RDF to Named Graphs provides a formally defined framework to be a foundation for the Semantic Web trust layer.
Abstract: The Semantic Web consists of many RDF graphs nameable by URIs. This paper extends the syntax and semantics of RDF to cover such Named Graphs. This enables RDF statements that describe graphs, which is beneficial in many Semantic Web application areas. As a case study, we explore the application area of Semantic Web publishing: Named Graphs allow publishers to communicate assertional intent, and to sign their graphs; information consumers can evaluate specific graphs using task-specific trust policies, and act on information from those Named Graphs that they accept. Graphs are trusted depending on: their content; information about the graph; and the task the user is performing. The extension of RDF to Named Graphs provides a formally defined framework to be a foundation for the Semantic Web trust layer.

577 citations

Journal Article
Herman J. ter Horst
TL;DR: It is proved that entailment for RDF Schema (RDFS) is decidable, NP-complete, and in P if the target graph does not contain blank nodes, and that consistency is in P.

337 citations

Journal Article
TL;DR: N3Logic is a logic that allows rules to be expressed in a Web environment that extends RDF with syntax for nested graphs and quantified variables and with predicates for implication and accessing resources on the Web, and functions including cryptographic, string, math.
Abstract: The Semantic Web drives toward the use of the Web for interacting with logically interconnected data. Through knowledge models such as Resource Description Framework (RDF), the Semantic Web provides a unifying representation of richly structured data. Adding logic to the Web implies the use of rules to make inferences, choose courses of action, and answer questions. This logic must be powerful enough to describe complex properties of objects but not so powerful that agents can be tricked by being asked to consider a paradox. The Web has several characteristics that can lead to problems when existing logics are used, in particular, the inconsistencies that inevitably arise due to the openness of the Web, where anyone can assert anything. N3Logic is a logic that allows rules to be expressed in a Web environment. It extends RDF with syntax for nested graphs and quantified variables and with predicates for implication and accessing resources on the Web, and functions including cryptographic, string, math. The main goal of N3Logic is to be a minimal extension to the RDF data model such that the same language can be used for logic and data. In this paper, we describe N3Logic and illustrate through examples why it is an appropriate logic for the Web.

220 citations

Proceedings Article
07 Apr 2014
TL;DR: This paper proposes a novel approach called Singleton Property for representing statements about statements and provides a formal semantics for it, and explains how this singleton property approach fits well with the existing syntax and formal semantics of RDF, and the syntax of SPARQL query language.
Abstract: Statements about RDF statements, or meta triples, provide additional information about individual triples, such as the source, the occurring time or place, or the certainty. Integrating such meta triples into semantic knowledge bases would enable the querying and reasoning mechanisms to be aware of provenance, time, location, or certainty of triples. However, an efficient RDF representation for such meta knowledge of triples remains challenging. The existing standard reification approach allows such meta knowledge of RDF triples to be expressed using RDF by two steps. The first step is representing the triple by a Statement instance which has subject, predicate, and object indicated separately in three different triples. The second step is creating assertions about that instance as if it is a statement. While reification is simple and intuitive, this approach does not have formal semantics and is not commonly used in practice as described in the RDF Primer. In this paper, we propose a novel approach called Singleton Property for representing statements about statements and provide a formal semantics for it. We explain how this singleton property approach fits well with the existing syntax and formal semantics of RDF, and the syntax of SPARQL query language. We also demonstrate the use of singleton property in the representation and querying of meta knowledge in two examples of Semantic Web knowledge bases: YAGO2 and BKR. Our experiments on the BKR show that the singleton property approach gives a decent performance in terms of number of triples, query length and query execution time compared to existing approaches. This approach, which is also simple and intuitive, can be easily adopted for representing and querying statements about statements in other knowledge bases.

145 citations
