netidee
Netidee Blog Bild
An ATT&CK-KG for Linking CybersecurityAttacks to Adversary Tactics and Techniques (ISWC P&D 2021)
Poster Paper @ISWC 2021 (29.08.2021)
Förderjahr 2017 / Science Call #1 / ProjektID: / Projekt: SEPSES

We are happy to announce that our poster paper title “An ATT&CK-KG for Linking Cybersecurity Attacks to Adversary Tactics and Techniques” has been accepted at the ISWC conference 2021.

The paper discusses an extension of our prior work namely Cybersecurity Knowledge Graph (CSKG) with adversary tactics and techniques to support analysts in connecting log events to higher-level attack steps.

For this purpose, we developed a vocabulary to represent rich threat intelligence instance data from MITRE ATT&CK in a knowledge graph as visualized in the following excerpt:

ATT&CK Ontology

To demonstrate this method, we also introduced a method to translate community-based threat detection rules from sources such as Sigma, into SPARQL queries and link the alerts they produce to adversarial tactics and techniques defined in ATT&CK.

The following figure visualizes an example of threat detection based on translated Sigma rules on RDF Log graphs. Once detected, the respected alerts will be automatically linked to the ATT&CK knowledge graph. For example, node (“/tmp/vUgefal”) is detected as an alert and automatically linked to the attack technique T1204.002.

Sigma - Rule Based Threat detection with ATT&CK

The constructed ATT&CK knowledge graph makes it possible to explore and integrate additional information from the cybersecurity knowledge graph (e.g. via SPARQL Query federation) such as attack tactics, mitigations, adversary group, and attack patterns (CAPEC).

Tags:

MITRE ATT&CK Sigma Rule semantics Attack Construction

Kabul Kurniawan

Male avatar
CAPTCHA
Diese Frage dient der Überprüfung, ob Sie ein menschlicher Besucher sind und um automatisierten SPAM zu verhindern.

    Weitere Blogbeiträge

    Netidee Blog Bild

    Virtual Knowledge Graphs for Federated Log Analysis (ARES Conference 2021)

    The paper introduces a novel approach to dynamically construct virtual log knowledge graphs directly from heterogeneous raw log files across multiple hosts. It furthermore contextualizes the results with internal and external background knowledge to ...
    Netidee Blog Bild

    The SLOGERT Framework for Automated Log Knowledge Graph Construction (ESWC 2021)

    SLOGERT is an approach to (semi-)automatically transform raw log data, i.e., textual records of system events, into RDF graphs following a sequence of processes. SLOGERT supports automatic identification of rich RDF graph modelling patterns to repres...

    Automated Knowledge Graph Construction From Raw Log Data

    Logs are a crucial source of information to diagnose the health and status of systems, but their manual investigation typically does not scale well and often leads to a lack of awareness and incomplete transparency about issues. To tackle this challe...
    Netidee Blog Bild

    Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach (IFIPSEC 2020)

    In this paper, we introduce a semantic approach for file system activity monitoring and forensics. We proposed a vocabulary (depicted in Figure 1) for file access information and implement an architecture (shown in Figure 2) for log acquisition, log ...

    Report from the Semantics 2019 Conference

    Semantics 2019 Trip Report

    The SEPSES knowledge graph: An integrated resource for cybersecurity (ISWC 2019)

    Resource paper @ISWC
    File activity graph example

    Semantic Integration and Monitoring of File System Activity (Semantics 2019)

    Semantics 2019 - Poster & Demo Session

    SEPSES Cybersecurity Knowledge Graph (CSKG)

    Im Rahmen des SEPSES-Projekts haben wir einen Cybersecurity Knowledge Graph (CSKG) entwickelt, der Informationen zu identifizierten Software-Schwachstellen, konzeptuellen Entwicklungsfehlern und Angriffsmustern aus verschiedenen öffentlich zugänglich...

    Finding Non-compliances with Declarative Process Constraints through Semantic Technologies (CAiSE’19 Forum)

    Declarative Process Constraints through Semantic Technologies

    Taming the logs - Vocabularies for semantic security analysis (Semantics 2018)

    Von 10 bis 13 September 2018 fand die SEMANTICS https://2018.semantics.cc/ Konferenz in Wien statt. Es handelt sich um eine europäische Konferenz mit Fokus auf semantische Technologien und künstlicher Intelligenz, bei der sich Forscher und Industriee...

    Towards Security-Aware Virtual Environments for Digital Twins (CPSS 2018)

    Am 4. Juni 2018 fand der 4. ACM Workshop on Cyber-Physical System Security in Incheon, Korea statt. Dieser Workshop konzentriert sich auf Sicherheitsherausforderungen in Cyber-physischen Systemen und bietet eine Plattform für Experten aus Forschung u...

    Semantic Query Federation for Scalable Security Log Analysis (ESWC 2018)

    In der ersten Juniwoche fand die 15. Extended Semantic Web Conference (ESWC) 2018 auf Kreta statt. Die ESWC ist eine der wichtigsten Konferenzen im Bereich semantischer Technologien und ich hatte die Gelegenheit, meine Arbeit „Semantic Query Federati...
    Netidee Blog Bild

    Presse-Artikel

    Projekt SEPSES in diePresse.at
    Datenschutzinformation
    Impressum | Datenschutz
    Der datenschutzrechtliche Verantwortliche (Internet Privatstiftung Austria - Internet Foundation Austria, Österreich) würde gerne mit folgenden Diensten Ihre personenbezogenen Daten verarbeiten. Zur Personalisierung können Technologien wie Cookies, LocalStorage usw. verwendet werden. Dies ist für die Nutzung der Website nicht notwendig, ermöglicht aber eine noch engere Interaktion mit Ihnen. Falls gewünscht, können Sie Ihre Einwilligung jederzeit via unserer Datenschutzerklärung anpassen oder widerrufen.
    Sonstige Inhalte (1 Dienst)
    Einbindung zusätzlicher Informationen
    YouTube
    Google Ireland Limited, Irland
    Alle Detailszu YouTube
    Alle Detailszu YouTube