IRSKG: Unified Intrusion Response System Knowledge Graph Ontology for Cyber Defense

2024-11-23 23:31:55
Damodar Panigrahi, Shaswata Mitra, Subash Neupane, Sudip Mittal, Benjamin A. Blakely

Abstract

Cyberattacks are becoming increasingly difficult to detect and prevent due to their sophistication. In response, Autonomous Intelligent Cyber-defense Agents (AICAs) are emerging as crucial solutions. One prominent AICA is the Intrusion Response System (IRS), which is critical for mitigating threats after detection. An IRS uses several Tactics, Techniques, and Procedures (TTPs) to mitigate attacks and restore the infrastructure to normal operations. Continuous monitoring of the enterprise infrastructure is an essential TTP for an IRS. However, each enterprise system serves different operational needs, and integrating these disparate sources for continuous monitoring increases pre-processing complexity, limits automation, and ultimately prolongs the critical response window that attackers can exploit. We propose a unified IRS Knowledge Graph ontology (IRSKG) that streamlines the onboarding of new enterprise systems as sources for AICAs. Our ontology can capture system monitoring logs and supplemental data, such as a rules repository containing the administrator-defined policies that dictate IRS responses. Our ontology also accommodates dynamic changes, so it can adapt to the evolving cyber-threat landscape. This robust yet concise design allows machine learning models to train effectively and to autonomously restore a compromised system to its desired state with explainability.
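The abstract describes three pieces working together: heterogeneous monitoring sources normalized into one graph schema, an administrator-defined rules repository that selects the response, and an explanation of why a response fired. The following Python sketch is an added example of that pattern and is not the paper's IRSKG ontology (the paper's actual classes and predicates are not on this page). The predicate names (`type`, `onHost`, `sourceIP`, ...), the rule format, the hostnames and the log lines are all this example's own assumptions, constructed for illustration.

```python
"""Added illustration (not the paper's IRSKG): normalise two heterogeneous
monitoring sources into one triple-based graph and let an administrator
rules repository choose an explainable response.
Predicate names, rule format and all inputs are this example's assumptions."""
import json
import re
from dataclasses import dataclass, field


@dataclass
class KnowledgeGraph:
    """Minimal triple store: (subject, predicate, object) with two lookups."""
    triples: set = field(default_factory=set)

    def add(self, s, p, o):
        self.triples.add((s, p, o))

    def objects(self, s, p):
        return {o for s2, p2, o in self.triples if s2 == s and p2 == p}

    def subjects(self, p, o):
        return {s for s, p2, o2 in self.triples if p2 == p and o2 == o}


# Constructed sample inputs (not real telemetry). 203.0.113.0/24, 198.51.100.0/24
# and 192.0.2.0/24 are documentation address ranges.
SYSLOG_LINES = [
    "Nov 23 23:31:55 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "Nov 23 23:31:57 web01 sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2",
    "Nov 23 23:31:58 web01 sshd[1203]: Failed password for root from 198.51.100.9 port 40112 ssh2",
    "Nov 23 23:32:01 web01 sshd[1204]: Failed password for root from 203.0.113.7 port 51250 ssh2",
    "Nov 23 23:32:05 web01 sshd[1205]: Accepted publickey for deploy from 192.0.2.10 port 40200 ssh2",
]
EDR_EVENTS_JSON = json.dumps([
    {"host": "db01", "image": "powershell.exe", "parent_image": "WINWORD.EXE", "pid": 4412},
    {"host": "db01", "image": "sqlservr.exe", "parent_image": "services.exe", "pid": 1188},
])

SSHD_FAIL = re.compile(
    r"^\S+ +\d+ \S+ (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")


def ingest_syslog(kg, lines):
    """Map sshd failures onto the shared schema; unrelated lines are skipped."""
    for i, line in enumerate(lines):
        m = SSHD_FAIL.match(line)
        if not m:
            continue
        ev = f"syslog:{i}"
        kg.add(ev, "type", "AuthFailure")
        kg.add(ev, "onHost", m["host"])
        kg.add(ev, "account", m["user"])
        kg.add(ev, "sourceIP", m["ip"])


def ingest_edr(kg, payload):
    """Map EDR process events onto the same schema under a different type."""
    for i, e in enumerate(json.loads(payload)):
        ev = f"edr:{i}"
        kg.add(ev, "type", "ProcessStart")
        kg.add(ev, "onHost", e["host"])
        kg.add(ev, "process", e["image"].lower())
        kg.add(ev, "parentProcess", e["parent_image"].lower())


# Administrator-defined rules repository (assumed format): a match pattern over
# predicates, the predicate whose value becomes the response target, and a
# threshold counted per target value. The list can be changed at runtime.
RULES = [
    {"id": "R1", "when": {"type": "AuthFailure"}, "target": "sourceIP",
     "threshold": 3, "action": "block_ip",
     "rationale": "3+ SSH password failures from one address"},
    {"id": "R2", "when": {"type": "ProcessStart", "parentProcess": "winword.exe",
                           "process": "powershell.exe"},
     "target": "onHost", "threshold": 1, "action": "isolate_host",
     "rationale": "Office process spawned PowerShell"},
]


@dataclass(frozen=True)
class Response:
    rule_id: str
    action: str
    target: str
    evidence: tuple   # event ids that satisfied the rule: the explanation
    rationale: str


def matching_events(kg, rule):
    candidates = kg.subjects("type", rule["when"]["type"])
    return [e for e in candidates
            if all(o in kg.objects(e, p) for p, o in rule["when"].items())]


def decide(kg, rules):
    responses = []
    for rule in rules:
        by_target = {}
        for ev in matching_events(kg, rule):
            for t in kg.objects(ev, rule["target"]):
                by_target.setdefault(t, []).append(ev)
        for target, evidence in sorted(by_target.items()):
            if len(evidence) >= rule["threshold"]:
                responses.append(Response(rule["id"], rule["action"], target,
                                          tuple(sorted(evidence)), rule["rationale"]))
    return responses


def run_demo(rules=RULES):
    kg = KnowledgeGraph()
    ingest_syslog(kg, SYSLOG_LINES)
    ingest_edr(kg, EDR_EVENTS_JSON)
    return decide(kg, rules)


if __name__ == "__main__":
    for r in run_demo():
        print(f"{r.rule_id}: {r.action} {r.target} because {r.rationale}; evidence={r.evidence}")
```

Onboarding a new source means writing one `ingest_*` adapter that emits the shared predicates; the rules and the decision logic do not change. Because every response carries the rule id and the event ids that satisfied it, an operator can trace each action back to the graph rather than to an opaque model output, which is the explainability property the abstract asks for. Tightening a rule (for example lowering `R1`'s threshold) takes effect on the next `decide` call without touching the ingested data.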

URL

https://arxiv.org/abs/2411.15672

PDF

https://arxiv.org/pdf/2411.15672.pdf