Kang, Ji, Sun, Yi, Xie, Hui, Zhu, Xixi, Ding, Zhaoyun.
2021.
Analysis System for Security Situation in Cyberspace Based on Knowledge Graph. 2021 7th International Conference on Big Data and Information Analytics (BigDIA). :385–392.
With the booming of Internet technology, the continuous emergence of new technologies and new algorithms greatly expands the application boundaries of cyberspace. While enjoying the convenience brought by informatization, the society is also facing increasingly severe threats to the security of cyberspace. In cyber security defense, cyberspace operators rely on the discovered vulnerabilities, attack patterns, TTPs, and other knowledge to observe, analyze and determine the current threats to the network and security situation in cyberspace, and then make corresponding decisions. However, most of such open-source knowledge is distributed in different data sources in the form of text or web pages, which is not conducive to the understanding, query and correlation analysis of cyberspace operators. In this paper, a knowledge graph for cyber security is constructed to solve this problem. At first, in the process of obtaining security data from multi-source heterogeneous cyberspaces, we adopt efficient crawler to crawl the required data, paving the way for knowledge graph building. In order to establish the ontology required by the knowledge graph, we abstract the overall framework of security data sources in cyberspace, and depict in detail the correlations among various data sources. Then, based on the \$$\backslash$mathbfOWL +$\backslash$mathbfSWRL\$ language, we construct the cyber security knowledge graph. On this basis, we design an analysis system for situation in cyberspace based on knowledge graph and the Snort intrusion detection system (IDS), and study the rules in Snort. The system integrates and links various public resources from the Internet, including key information such as general platforms, vulnerabilities, weaknesses, attack patterns, tactics, techniques, etc. in real cyberspace, enabling the provision of comprehensive, systematic and rich cyber security knowledge to security researchers and professionals, with the expectation to provide a useful reference for cyber security defense.
Birrane, Edward J., Heiner, Sarah E..
2021.
Towards an Interoperable Security Policy for Space-Based Internetworks. 2021 IEEE Space Computing Conference (SCC). :84–94.
Renewed focus on spacecraft networking by government and private industry promises to establish interoperable communications infrastructures and enable distributed computing in multi-nodal systems. Planned near-Earth and cislunar missions by NASA and others evidence the start of building this networking vision. Working with space agencies, academia, and industry, NASA has developed a suite of communications protocols and algorithms collectively referred to as Delay-Tolerant Networking (DTN) to support an interoperable space network. Included in the DTN protocol suite is a security protocol - the Bundle Protocol Security Protocol - which provides the kind of delay-tolerant, transport-layer security needed for cislunar and deep-space trusted networking. We present an analysis of the lifecycle of security operations inherent in a space network with a focus on the DTN-enabled space networking paradigm. This analysis defines three security-related roles for spacecraft (Security Sources, verifiers, and acceptors) and associates a series of critical processing events with each of these roles. We then define the set of required and optional actions associated with these security events. Finally, we present a series of best practices associated with policy configurations that are unique to the space-network security problem. Framing space network security policy as a mapping of security actions to security events provides the details necessary for making trusted networks semantically interoperable. Finally, this method is flexible enough to allow for customization even while providing a unifying core set of mandatory security actions.
Lingga, Patrick, Kim, Jeonghyeon, Bartolome, Jorge David Iranzo, Jeong, Jaehoon.
2021.
Automatic Data Model Mapper for Security Policy Translation in Interface to Network Security Functions Framework. 2021 International Conference on Information and Communication Technology Convergence (ICTC). :882–887.
The Interface to Network Security Functions (I2NSF) Working Group in Internet Engineering Task Force (IETF) provides data models of interfaces to easily configure Network Security Functions (NSF). The Working Group presents a high-level data model and a low-level data model for configuring the NSFs. The high-level data model is used for the users to manipulate the NSFs configuration easily without any security expertise. But the NSFs cannot be configured using the high-level data model as it needs a low-level data model to properly deploy their security operation. For that reason, the I2NSF Framework needs a security policy translator to translate the high-level data model into the corresponding low-level data model. This paper improves the previously proposed Security Policy Translator by adding an Automatic Data Model Mapper. The proposed mapper focuses on the mapping between the elements in the high-level data model and the elements in low-level data model to automate the translation without the need for a security administrator to create a mapping table.