Visible to the public An Ontology-Driven Approach to Automating the Process of Integrating Security Software Systems

TitleAn Ontology-Driven Approach to Automating the Process of Integrating Security Software Systems
Publication TypeConference Paper
Year of Publication2019
AuthorsIslam, Chadni, Babar, Muhammad Ali, Nepal, Surya
Conference Name2019 IEEE/ACM International Conference on Software and System Processes (ICSSP)
KeywordsAustralia, automated integration process, Automated Response Actions, composability, Computer crime, cybersecurity attacks, DDoS Attack, distributed denial of service attacks, Expert Systems and Security, Human Behavior, incident response process, interoperability, Limacharlie, OnSOAP, Ontologies, ontologies (artificial intelligence), Ontology, ontology-driven approach, open systems, Organizations, pubcrawl, Resiliency, Scalability, SecOrP, security of data, security orchestration, security orchestration platform, security software systems, security system, security systems integration processes, Semantics, Snort, Splunk, Task Analysis

A wide variety of security software systems need to be integrated into a Security Orchestration Platform (SecOrP) to streamline the processes of defending against and responding to cybersecurity attacks. Lack of interpretability and interoperability among security systems are considered the key challenges to fully leverage the potential of the collective capabilities of different security systems. The processes of integrating security systems are repetitive, time-consuming and error-prone; these processes are carried out manually by human experts or using ad-hoc methods. To help automate security systems integration processes, we propose an Ontology-driven approach for Security OrchestrAtion Platform (OnSOAP). The developed solution enables interpretability, and interoperability among security systems, which may exist in operational silos. We demonstrate OnSOAP's support for automated integration of security systems to execute the incident response process with three security systems (Splunk, Limacharlie, and Snort) for a Distributed Denial of Service (DDoS) attack. The evaluation results show that OnSOAP enables SecOrP to interpret the input and output of different security systems, produce error-free integration details, and make security systems interoperable with each other to automate and accelerate an incident response process.

Citation Keyislam_ontology-driven_2019