Will a cyber ontology be able to save us?

Cybersecurity threats and incidents have been steadily increasing in recent years. Preventing and combating them is getting increasingly difficult. As a result, the world is continuously on the lookout for feasible solutions in order to keep one step ahead of the bad guys. Similarly, cyber security specialists are trying to rethink their methods because existing solutions are plainly ineffective. As a consequence, the thought of developing a cyber-ontology (or digital ontology) has recently sparked a lot of attention.

Cyber Ontology?

When one reads the definition of ontology, one instantly assumes that cyber-ontology is Greek. It is essentially described as a metaphysical branch that examines the nature of existence. However, for the purpose of clarity, cyber security experts have developed their own term. In this usage, the phrase refers to ‘a collection of ideas and categories within a subject or area that define their characteristics and connections to one another.’ In a nutshell, science defines the interactions and connections between various components.

Few cybersecurity professionals are aware of the concept of a digital ontology. However, the notion dates back a few years. A number of organizations, including Carnegie Mellon University’s CERT program, have supported the concept. Members of the organization took part in the First International Workshop on Ontology and Taxonomy for Security in 2012. (SecOnt). It was recommended at the time that the cybersecurity industry develop a common language and a fundamental structure. The community would be able to build a shared understanding, or ontology, by using this common language and structure.

Digital ontology’s potential worth

• A comprehensive strategy that may result in the development of new goods

Some cybersecurity players have already adopted this emerging concept and are reaping unique benefits. Companies have been able to develop new capabilities. Whereas they used to look at threats in isolation, they have now taken a holistic approach.

• An alternative perspective

Another advantage of the notion is that it provides a different approach to cyber security. It is evident that old models are no longer functional, and continuing to use them would be foolish. Our focus switches with this new strategy, and our chances of success improve. Data is the center of cyber-ontology, which tracks it throughout its life cycle. This enables security experts to examine how different heterogeneous technology components interact with security ecosystems and what influence they have on one another.

• The time factor

The application of cyber-ontology to incidents in real time enables security experts to comprehend the true origins and meanings of an occurrence in real time. Using outdated technologies, on the other hand, may take hours or days, during which time the damage would only worsen.

Are there any limitations to cyber-ontology?

It is crucial to highlight that, despite continuous conversations, not everyone agrees on the subject’s future potential. Some security specialists have raised worry with ontologies’ static nature and, as a result, their inadequacies in cyber warfare. These reservations are frequently expressed in relation to the use of ontologies for endpoint security. The ability to deal with malware in real time is critical in these situations. Early ontology-based definitions of cyber security were, admittedly, mainly static.

So what?

Ontology-based cybersecurity is currently ready to incorporate, among other technologies, artificial intelligence and machine learning. As a result, they are capable of adjusting to various surroundings and changes. It also implies that ontological models may continue to evolve by using data to enhance detection and mitigation of risks. With this in mind, they may become the hidden weapon required to supplement behavioral analysis. And possess the necessary capabilities to thwart cyber attacks before they spread to a large number of people.

Sources:

• Burger Eric, ‘Semantic ontologies for cyber threat sharing standards’, https://ieeexplore.ieee.org/document/7568896, (2016)
• Möller Dietmar, ‘Cybersecurity Ontology’, https://link.springer.com/chapter/10.1007%2F978-3-030-60570-4_7, (2020)
• ,Obrst Leo, ‘Developing an Ontology of the Cyber Security Domain’, http://ceur-ws.org/Vol-966/STIDS2012_T06_ObrstEtAl_CyberOntology.pdf
• Ohlhorst Franck, ‘Are Cyber-Ontologies the Future of Cybersecurity?’, https://securityboulevard.com/2019/07/are-cyber-ontologies-the-future-of-cybersecurity/, (2019)