Automated Cyber Vulnerability Analysis using Machine Reasoning

Abstract

One of the major cyber security challenges we face today is overcoming the current limits of security information systems ability to improve an organization’s overall security posture and prioritize the security focus of an enterprise-level network. Latest developments in cyber security relating to the vulnerability of national assets, public utilities, and private industry have raised concern about threat response. The basic advantage to the cybercriminal is a reliance on the overwhelming number of attack vectors at their disposal. The amount of information presented to security analysts in large enterprises (e.g. thousands of machines, one million plus security incidents per day) is a challenging problem. This places analysts at a disadvantage of reactive security defense without a systematic approach to prioritize the security focus of a mission critical enterprise level network. Information presented, while abundant, lacks the context for arriving at knowledge to help determine critical node urgency, true priority of response, and the application of best courses of actions. To improve the security posture and assist the cyber defender, a new paradigm called Automated Cyber Vulnerability Analysis using Machine Reasoning has been implemented which captures relationships between security concepts and physical systems. The development of a Cyber Security Ontology and Cyber Security Infrastructure Ontology is outlined and the value of using ontology-based computational artifacts to support information integration and semantically reason about the impact of vulnerability and attacks on actual enterprise physical systems is demonstrated. We also implement scenarios that adopt a rule engine to enhance the machine reasoning ability of the ontology, resulting in new courses of actions and recommendations for the protection of physical enterprise systems. Our implementation is realized, and results show our approach as a powerful construct to improve security posture, offering a systematic approach to enhance cyber security decision support increasing the speed of analysis.