2016 International Conference on Frontiers of Information Technology (FIT) (2016)
Dec. 19, 2016 to Dec. 21, 2016
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/FIT.2016.013
In this paper we propose an ontology-based framework for the Internet of Things (IoT) to safeguard against Advanced Persistent Threats (APTs). The framework captures the attack kill-chain, the attack patterns and vulnerabilities leveraged along it, and aligns them with network semantics to gauge their applicability to IoT systems. It then automatically infers efficient solutions for changing attack tactics by performing a cost-benefit analysis of viable countermeasures through rule-based ontology reasoning. Our work leverages existing ontologies of well-known Cyber Threat Intelligence (CTI) standards, extending them with new concepts and aligning them with a novel IoT ontology. The framework automatically extracts relevant information from XML-based threat feeds, populates it as ontology instances and maps it onto IoT configurations to perform the desired reasoning. The practicality of the approach is illustrated by evaluating a sample IoT network against a variety of real-world APTs.
Security controls, Actionable cyber threat intelligence, Internet of Things, Ontology
M. Mohsin and Z. Anwar, "Where to Kill the Cyber Kill-Chain: An Ontology-Driven Framework for IoT Security Analytics," 2016 International Conference on Frontiers of Information Technology (FIT), Islamabad, Pakistan, 2016, pp. 23-28.
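As an added illustration of the pipeline the abstract describes (not code from the paper): a constructed XML threat feed is parsed into attack-pattern instances, matched against a constructed IoT inventory by a simple applicability rule, and the cheapest countermeasure set that leaves no device with an unbroken kill-chain is chosen by exhaustive cost-benefit search. The feed schema, the device properties, the countermeasure costs and the brute-force search are all assumptions made for this example.

```python
# Added example, not the paper's code: a toy version of the abstract's pipeline
# (XML feed -> ontology-like instances -> rule match against IoT config -> cost-benefit).
import xml.etree.ElementTree as ET
from itertools import combinations

# Constructed feed (schema is an assumption): each pattern names its kill-chain phase and the device property it needs.
THREAT_FEED = """<feed>
  <pattern id="AP-1" phase="delivery" requires="telnet_open"/>
  <pattern id="AP-2" phase="exploitation" requires="firmware_unsigned"/>
  <pattern id="AP-3" phase="command_and_control" requires="outbound_unfiltered"/>
</feed>"""

# Constructed IoT inventory: device -> properties present in its configuration.
IOT_NETWORK = {
    "camera-1": {"telnet_open", "firmware_unsigned", "outbound_unfiltered"},
    "thermostat-2": {"firmware_unsigned"},
}

# Constructed countermeasure catalogue: name -> (deployment cost, properties it removes).
COUNTERMEASURES = {
    "disable_telnet": (1, {"telnet_open"}),
    "enforce_signed_firmware": (5, {"firmware_unsigned"}),
    "egress_filtering": (3, {"outbound_unfiltered"}),
}

def parse_feed(xml_text):
    """Extract (pattern id, kill-chain phase, required property) instances from the feed."""
    root = ET.fromstring(xml_text)
    return [(p.get("id"), p.get("phase"), p.get("requires")) for p in root.findall("pattern")]

def exposed_devices(patterns, network):
    """Rule: a device is exposed when some pattern applies (its required property is
    present) in every kill-chain phase, i.e. the adversary has an unbroken chain."""
    phases = {phase for _, phase, _ in patterns}
    return {dev for dev, props in network.items()
            if {phase for _, phase, req in patterns if req in props} == phases}

def cheapest_plan(patterns, network, catalogue):
    """Cost-benefit search over the (tiny) catalogue: lowest-cost countermeasure set after
    which no device is exposed. Breaking any single phase suffices, so the cheapest phase wins."""
    best = None
    for k in range(len(catalogue) + 1):
        for combo in combinations(sorted(catalogue), k):
            removed = set().union(*(catalogue[n][1] for n in combo))
            hardened = {dev: props - removed for dev, props in network.items()}
            if not exposed_devices(patterns, hardened):
                cost = sum(catalogue[n][0] for n in combo)
                if best is None or cost < best[0]:
                    best = (cost, set(combo))
    return best
```

For the constructed inputs, only camera-1 has an unbroken chain, and disabling Telnet (cost 1) breaks it at the delivery phase, so that single countermeasure is the selected plan.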