Norwegian version of this page

TOCSA: Threat Ontologies for CyberSecurity Analytics

This project aims at developing models and tools for automated or semi-automated classification and discovery of cyberthreats based on ontologies and semantic reasoning.

About the project

The TOCSA-project is funded by Norges forskningsråd (NFR) within the framework for Industry Ph.Ds (Nærings-Ph.D). The project is a collaboration between

The planned duration of the project is 48 months, the funding period spans the period mid 2016 and till mid  2020.

Project number: 263375

In a nutshell

Too often security professionals are only observing the evidence of cyberattacks – trails of information that are the long left-behind remnants from an attacker’s past actions. When defending against these attacks, priority is understandably placed on recovering from the current attack, with identifying the attackers as an afterthought. The repercussion is that attackers are rarely identified, seldom prosecuted, and able to operate with an almost free-reign.

This observation provides the motivation for the research project that will develop models and tools based on ontologies for fully and semi-automated classification and discovery of cyberthreats.


The following publications have been made from the TOCSA project:


The following presentations of TOCSA have been made: 

Tags: security, ontologies, semantic technology, cyber attacks, threat intelligence, security analytics
Published Sep. 7, 2016 9:40 PM - Last modified June 24, 2019 10:26 AM