To improve cyber threat analysis practices in cybersecurity, I present a plan to build a formal ontological representation of state actors in cyberspace and of cyber operations. I argue that modelling these phenomena via ontologies allows for coherent integration of data coming from diverse sources, automated reasoning over such data, as well as intelligence extraction and reuse from and of them. Existing ontological tools in cybersecurity can be ameliorated by connecting them to neighboring domains such as law, regulations, governmental institutions, and documents. In this paper, I propose metrics to evaluate currently existing ontological tools to create formal representations in the cybersecurity domain, and I provide a plan to develop and extend them when they are lacking.
翻译:为改进网络安全领域的网络威胁分析实践,本文提出构建网络空间国家行为体及网络行动形式化本体表征体系的规划方案。通过本体论建模这些现象,能够实现多源数据的协调整合、自动化推理分析,以及情报信息的提取与复用。通过将现有网络安全本体工具与法律规范、监管体系、政府机构和文献资料等相邻领域建立关联,可有效完善现有工具。本文提出评估网络安全领域现有形式化表征工具的指标体系,并在工具缺失时提供开发与扩展的实施方案。