Ph.D. Corner: Contribution to dynamic risk management automation by an ontology-based framework

11/01/2020

D. Raúl Riesco Granadino presented his Ph.D. thesis, entitled “Contribution to dynamic risk management automation by an ontology-based framework”, on November 20, 2019. His advisor was Dr. Víctor A. Villagrá, senior doctor of the IPTC-UPM (RSTI Group). Part of the work was published in the International Journal of Information Security, December 2019, Volume 18, Issue 6, pp 715–739, under the title “Leveraging cyber threat intelligence for a dynamic risk framework”, which was eventually recognized with a prize in the last edition of the prizes of the Cátedra Ingeniero General D. Antonio Remón y Zarco del Valle.

A summary of the thesis work follows:

Risk management frameworks are not integrated and automated with Near Real Time (NRT) risk-related Cybersecurity Threat Intelligence (CTI) information. To enable dynamic, NRT and more realistic risk assessment and management processes, we created a new semantic version of STIX™ v2.0 for Cyber Threat Intelligence, as it is becoming a de facto standard for Structured Threat Information Exchange.

At the same time, although cyber threat intelligence (CTI) exchange is a must for any organization, because no one can fight alone against all threats, the potential participants are often reluctant to share their CTI and prefer only to consume it, at least in voluntary-based approaches. Such behavior destroys the idea of information exchange. We propose a paradigm shift in cybersecurity information exchange by introducing a new way to encourage all participants involved, at all levels, to share relevant information dynamically within our DRM Framework. It will also contribute to the support and deployment of Dynamic Risk Management (DRM) frameworks among all our peers, so that they share advanced intelligence in the format of algorithms, beyond the exchange of Indicators of Compromise (IoC).

Our proposal leverages standards like Structured Threat Information Exchange (STIX™), as well as W3C semantic web standards, to enable a workspace of knowledge related to behavioral threat intelligence patterning to characterize tactics, techniques and procedures (TTP). At the same time, we propose the use of the Ethereum Blockchain to better incentivize the sharing of that knowledge between all parties involved, as well as the creation of a standard CTI token as a digital asset with a promising value in the market. An experiment was also performed to demonstrate its benefits and incentives, but also its potential limits with regard to storage and cost of transactions.

The contribution of the thesis is a Dynamic Risk Assessment and Management (DRA / DRM) framework based on ontologies. It includes an integrated, layered and networked architecture based on the Web Ontology Language (OWL), STIX™, a semantic reasoner, the Semantic Web Rule Language (SWRL) and the Ethereum Blockchain to approach an all-in-one solution at all levels (operational, tactical and strategic). It implements a hybrid Cyber Threat Intelligence and DRM Ontology as well as behavioral algorithms in the format of SWRL rules, from which the reasoner infers new knowledge. As the dynamics are provided by the use of Intelligence Sharing, a paradigm shift based on the Ethereum Blockchain is also provided, to overcome all known issues of information sharing today.
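To make the idea of rule-based inference over semantic STIX data concrete, the following added example (not code from the thesis or its framework) turns STIX 2.0-style objects into triples and forward-chains two Horn rules in the spirit of SWRL. It uses plain Python in place of OWL and a semantic reasoner; the object ids, the local asset facts and the predicates `hasVulnerability`, `sightedOn`, `exposedTo` and `riskLevel` are hypothetical.

```python
# Constructed STIX 2.0-style objects (ids shortened, not real intelligence).
BUNDLE = [
    {"type": "indicator", "id": "indicator--1"},
    {"type": "malware", "id": "malware--1"},
    {"type": "vulnerability", "id": "vulnerability--1"},
    {"type": "relationship", "id": "relationship--1", "relationship_type": "indicates",
     "source_ref": "indicator--1", "target_ref": "malware--1"},
    {"type": "relationship", "id": "relationship--2", "relationship_type": "targets",
     "source_ref": "malware--1", "target_ref": "vulnerability--1"},
]
# Hypothetical local facts: asset inventory plus one indicator sighting.
LOCAL = {("asset--web01", "hasVulnerability", "vulnerability--1"),
         ("asset--db01", "hasVulnerability", "vulnerability--2"),
         ("indicator--1", "sightedOn", "asset--web01")}
# Horn rules (body, head) in the spirit of SWRL; "?x" marks a variable.
RULES = [
    ([("?m", "targets", "?v"), ("?a", "hasVulnerability", "?v")], ("?a", "exposedTo", "?m")),
    ([("?a", "exposedTo", "?m"), ("?i", "indicates", "?m"), ("?i", "sightedOn", "?a")],
     ("?a", "riskLevel", "high")),
]

def to_triples(bundle):
    """Relationship objects become edges; every other object becomes a type fact."""
    return {(o["source_ref"], o["relationship_type"], o["target_ref"])
            if o["type"] == "relationship" else (o["id"], "rdf:type", o["type"])
            for o in bundle}

def match(pattern, triple, env):
    """Unify one body atom with one fact; return extended bindings or None."""
    env = dict(env)
    for p, t in zip(pattern, triple):
        if (env.setdefault(p, t) if p.startswith("?") else p) != t:
            return None
    return env

def solve(body, facts, env):  # yield every binding that satisfies the whole body
    if not body:
        yield env
        return
    for fact in facts:
        bound = match(body[0], fact, env)
        if bound is not None:
            yield from solve(body[1:], facts, bound)

def infer(facts):
    """Forward-chain RULES to a fixpoint, materialising the inferred triples."""
    facts = set(facts)
    while True:
        new = {tuple(env.get(t, t) for t in head)
               for body, head in RULES for env in solve(body, facts, {})} - facts
        if not new:
            return facts
        facts |= new
```

Calling `infer(to_triples(BUNDLE) | LOCAL)` needs two passes: the first derives `exposedTo` from shared intelligence plus the inventory, and the second raises `riskLevel` only for the asset where the indicator was actually sighted.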

Figure from Vega-Barbas, M., Villagrá, V. A., Monje, F., Riesco, R., Larriva-Novo, X., & Berrocal, J. (2019). Ontology-Based System for Dynamic Risk Management in Administrative Domains. Applied Sciences, 9 (21), 4547.
