Ontology and Cyber Security May 18 th 2013 Bill Mandrick, PhD - - PowerPoint PPT Presentation



SLIDE 1

Ontology and Cyber Security

May 18th 2013

Bill Mandrick, PhD Senior Ontologist

SLIDE 2

Data Tactics Proprietary 2/12/2013

2

AGENDA

  • Ontology of Computer Network Operations
  • DoD and USG Efforts
  • Cyber Fast Track
  • Computer Network Operations (CNO)
  • Computer Network Defense (CND)
  • Computer Network Exploitation (CNE)
  • Computer Network Attack (CNA)
SLIDE 3

4/18/2013 3

SLIDE 4


SLIDE 5


Commanders use the operations process to drive the conceptual and detailed planning necessary to understand, visualize, and describe their unique operational environment; make and articulate decisions; and direct, lead, and assess military operations.

SLIDE 6
SLIDE 7


Ontology Defined

Ontology is the science of representing, defining, and relating the kinds and structures of objects, properties, events, processes and relations in every area of reality. An ontology is an exhaustive classification of entities in some sphere of being, which results in the formulation of robust and shareable descriptions of a given domain (e.g. Physics, Biology, Medicine, Intelligence, etc.).

SLIDE 8


Information Integration Revolutions

  • 1800’s Cartographic Revolution
  • Coordinated (Massing) Artillery Fires (1910-1940)
  • Dowding Radar System (1940 Battle of Britain)

*DOTMLPF

SLIDE 9

Interoperable Semantics

(example: Anatomy & Physiology)

  • Standardized Labels
  • Anatomical Continuants
  • Physiological Occurrents
  • Teachable
  • Inferencing
  • Horizontally Integrated
  • Sharing of Observations
  • Accumulated Knowledge


SLIDE 10


Authoritative References

SLIDE 11


Object Aggregates

SLIDE 12


Events

SLIDE 13


Events

SLIDE 14


Organizations & Persons

SLIDE 15


Information Content Entities

SLIDE 16

Relations

SLIDE 17


SLIDE 18


SLIDE 19


SLIDE 20

Computer Network Intrusion (CNI) Detection Report


SLIDE 21


Diagram: CNI Detection Report ontology. Entities shown: Computer Network Intrusion (CNI) Event, CNI Detection Sensor, CNI Detection Report, CNI Event Signature, CNI Event Signature Description, Timestamp, Internet Protocol Address, Source Computer Role, Destination Computer Role, Trojan Horse Virus. Relations shown: detects, produces, describes, has_part, designates, facilitates.
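The slide 21 structure above, as an added example that is not part of the deck: a small Python model of the CNI Detection Report entities and relations that checks a constructed report's triples against domain/range constraints and a required-parts rule. The diagram does not make clear which entity each relation joins, so the relation table, the class hierarchy and the required-parts rule are assumptions.

```python
# Added example, not from the slides: a toy check of the CNI Detection Report
# ontology on slide 21; the domain/range table and required-parts rule are assumed.
# Class hierarchy (subclass -> parent); the upper classes are earlier slide titles
SUBCLASS_OF = {
    "CNI Detection Report": "Information Content Entity",
    "Timestamp": "Information Content Entity",
    "Internet Protocol Address": "Information Content Entity",
    "CNI Event Signature": "Information Content Entity",
    "Source Computer Role": "Computer Role",
}
# Relation -> (domain, range): an assumed reading of the diagram's arrows
RELATIONS = {
    "detects": ("CNI Detection Sensor", "Computer Network Intrusion Event"),
    "produces": ("CNI Detection Sensor", "CNI Detection Report"),
    "describes": ("CNI Detection Report", "Computer Network Intrusion Event"),
    "has_part": ("Information Content Entity", "Information Content Entity"),
    "designates": ("Internet Protocol Address", "Computer Role"),
    "facilitates": ("Trojan Horse Virus", "Computer Network Intrusion Event"),
}
# Parts a report must carry before it is shared (assumed rule)
REQUIRED_PARTS = {"Timestamp", "Internet Protocol Address", "CNI Event Signature"}

def is_a(cls, target):
    # True if cls is target or a transitive subclass of it
    while cls is not None:
        if cls == target:
            return True
        cls = SUBCLASS_OF.get(cls)
    return False

def validate(types, triples):
    # types: instance -> class; triples: (subject, relation, object); returns violations
    errors = []
    for s, rel, o in triples:
        dom, rng = RELATIONS[rel]  # unknown relation names raise KeyError
        for inst, expect, role in ((s, dom, "subject"), (o, rng, "object")):
            if not is_a(types[inst], expect):
                errors.append(f"{inst} ({types[inst]}) cannot be {role} of {rel}")
    for rpt in (n for n, c in types.items() if c == "CNI Detection Report"):
        parts = {types[o] for s, r, o in triples if s == rpt and r == "has_part"}
        errors += [f"{rpt} lacks a {p}" for p in sorted(REQUIRED_PARTS - parts)]
    return errors

# Constructed sample instances and triples (not real detection data)
TYPES = {"sensor1": "CNI Detection Sensor", "report1": "CNI Detection Report",
         "event1": "Computer Network Intrusion Event", "ts1": "Timestamp",
         "ip1": "Internet Protocol Address", "sig1": "CNI Event Signature",
         "src1": "Source Computer Role", "trojan1": "Trojan Horse Virus"}
GOOD = [("sensor1", "detects", "event1"), ("sensor1", "produces", "report1"),
        ("report1", "describes", "event1"), ("report1", "has_part", "ts1"),
        ("report1", "has_part", "ip1"), ("report1", "has_part", "sig1"),
        ("ip1", "designates", "src1"), ("trojan1", "facilitates", "event1")]
```

`validate(TYPES, GOOD)` returns an empty list; swapping a part for an entity outside Information Content Entity, or omitting a required part, produces a violation per problem.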

SLIDE 22


SLIDE 23


SLIDE 24

Revisions Process with SMEs

  • SME Feedback
  • Ontology Review

SLIDE 25


Publish and Share

SLIDE 26


  • Need for a Cyber Operations Shared Lexicon
  • Common Logic Controlled English
  • Human Readable
  • Machine Processable
  • Requirement for Interoperability
SLIDE 27
