TOCSA: Threat Ontologies for CyberSecurity Analytics
This project aims at developing models and tools for automated or semi-automated classification and discovery of cyberthreats based on ontologies and semantic reasoning.
About the project
The TOCSA project is funded by Norges forskningsråd (NFR) within the framework for Industry Ph.Ds (Nærings-Ph.D). The project is a collaboration between
The planned duration of the project is 48 months; the funding period runs from mid 2016 to mid 2020.
Project number: 263375
In a nutshell
Too often, security professionals observe only the evidence of cyberattacks – trails of information that are the long left-behind remnants of an attacker’s past actions. When defending against these attacks, priority is understandably placed on recovering from the current attack, with identifying the attackers as an afterthought. The repercussion is that attackers are rarely identified, seldom prosecuted, and able to operate with almost free rein.
This observation provides the motivation for the research project that will develop models and tools based on ontologies for fully and semi-automated classification and discovery of cyberthreats.
The TOCSA project has produced the following publications:
- "Semantic Cyberthreat modelling" - STIDS2016
- "Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence" - EISIC 2017
- "Ethical Considerations in Sharing Cyber Threat Intelligence" - NISK 2017
The following presentations of TOCSA have been made and are planned:
- September 2017, EISIC2017
- June 2017, FIRST Conference, Puerto Rico.
- March 29th 2017, NSM Sikkerhetskonferansen
- February 7th 2017, mnemonic breakfast seminar
- November 16th 2016, Semantic Technology for Intelligence, Defence and Security (STIDS2016), George Mason University.