Cyber attacks are fast becoming one of the biggest threats to national security. They are easy and inexpensive ways for our adversaries to cause substantial damage to the nation’s critical infrastructure – the electrical grid, power plants, nuclear facilities, financial institutions, military bases, and many others. In addition, there is an increasing threat of cyber espionage aimed at obtaining valuable intellectual property and technologies as well as accessing sensitive or classified information.
Recent history has shown that these types of cyber attacks can be effective. There have been numerous institutions, both commercial and government, that have had the security of their customers’ or employees’ personal identifying information compromised through cyber attacks. The U.S. Government warns that the electric power transmission grid is susceptible to cyber warfare and that perpetrating countries, organizations, or individuals could leave behind software programs that could disrupt the system at a time of the attackers’ choosing.
Much of the current focus on cyber security has been on analyzing information contained in various structured data sources such as network activity logs and Internet traffic patterns. Data mining tools have been used with this type of structured data to detect attack patterns and identify sources of attacks as well as monitor cyber situations in real time. However, such conventional means of analysis should be augmented with sophisticated text mining techniques to analyze the critical information found in unstructured data. This will allow the development of more comprehensive cyber threat profiles that will greatly enhance cyber security capabilities.
The NetOwl Cyber Security Ontology integrates concepts from US CERT, US Department of Defense, and other leading cyber security organizations. In addition, it includes ontological coverage for concepts in critical infrastructure such as energy, financial, and telecommunication facilities and organizations. With NetOwl, organizations can process large volumes of unstructured content and automatically identify key cyber-related events such as denial of service attacks, cyber espionage, cyber theft, insider threat, and malware attacks, as well as entities involved in these cyber events – including attackers, target organizations, and target assets.