In security there is a wide range of information that has to be collected when performing a digital investigation. This information includes, but is not limited to:
- memory artifacts
- artifacts from storage devices
- network communications
- OS artifacts
- log files (host, service, network security appliances, etc.)

All this information has to be processed in order to understand, for example, what has happened in an information system, what the possible attack scenarios are, or how to define and apply defense mechanisms and measure their effectiveness.
This information is collected from different tools with different scope and granularity, which in many cases produce entirely different output formats. To correlate this information and extract the needed knowledge, the unification process can be greatly improved by a security ontology.
While there are several ontologies in the literature, we extend the current state of the art by extending the CASE and UCO ontologies.
To explore the ontology you may use Protégé or any other ontology editor.
This work was supported by the European Commission under the Horizon 2020 Programme (H2020), as part of the project YAKSHA (Grant Agreement no. 780498).