OASIS Mailing List Archives

cti-comment message



Subject: Knowledge Graphs


Hello,

I'm interested in the continued development of STIX evolving to an alignment with Semantic Web technology and to embrace the development of CTI as a Knowledge Graph implementation. This will enhance the Linked Open Data community. I'm attempting to transform the STIX "language" into a suitable ontology (a semantics-based language) that can be employed to structure CTI as well as the general Threat Intelligence domain. Has the committee considered such a thing? There is a group at UMBC, the Ebiquity Research Group, that is developing a Unified Cybersecurity Ontology (UCO) that has focused on STIX but includes MISP and others. The main developer is Dr. Tim Finin (https://ebiquity.umbc.edu/person/html/Tim/Finin). I've taken that as a base and transformed it to better represent a language I can use.

In effect, historically, STIX looks like it was developed separately and in parallel with Semantic Web technology. Both began with the XML technology. It looks like STIX is trying to achieve what the Semantic Web has achieved for many different domains--a common, agnostic technology to develop domain languages and represent them as knowledge graphs. The current baseline ontology, the Web Ontology Language (OWL), not only contains all the algebra to realize such a CTI domain language, but also allows the use of machine learning principles--specifically inferencing engines. Transforming STIX to such a specification opens a whole additional world for the CTI domain. One transport mechanism is JSON-LD, which has matured quite a bit lately. JSON-LD could be used to transform the current implementation examples. However, Semantic Web tech has multiple serialization formats available.

Additionally, SPARQL endpoints and easy data federation can help transform TAXII as well since the Semantic Web stack is designed to employ "Proof" and "Trust".

Thanks,
 


Dr. Keven L. Ates 

Chief Technology Officer 

Cyber Division Front Office 

Desk:703-633-4084 

Cell:214-422-3299 




