Intelligence Graphs for Threat Intelligence and Security Policy Validation of Cyber Systems

  • Vassil VassilevEmail author
  • Viktor Sowinski-Mydlarz
  • Pawel Gasiorowski
  • Karim Ouazzane
  • Anthony Phipps
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1164)


While the recent advances in data science and machine learning attract lots of attention in cyber security because of their promise for effective security analytics, vulnerability analysis, risk assessment, and security policy validation remain slightly aside. This is mainly due to the relatively slow progress in the theoretical formulation and the technological foundation of the cyber security concepts such as logical vulnerability, threats, and risks. In this article, we are proposing a framework for logical analysis, threat intelligence, and validation of security policies in cyber systems. It is based on multi-level model, consisting of ontology of situations and actions under security threats, security policies governing the security-related activities, and graph of the transactions. The framework is validated using a set of scenarios describing the most common security threats in digital banking, and a prototype of an event-driven engine for navigation through the intelligence graphs has been implemented. Although the framework was developed specifically for application in digital banking, the authors believe that it has much wider applicability to security policy analysis, threat intelligence, and security by design of cyber systems for financial, commercial, and business operations.


Knowledge graphs Ontologies Threat intelligence Security policies Security analytics 



The work reported here has been carried out at the Cyber Security Research Centre of London Metropolitan University. It was initiated in collaboration with Lloyds Banking Group to investigate the logical vulnerabilities in cross-channel banking. It was granted support from UK DCMS under Cyber ASAP program. It continues under a project dedicated to threat intelligence funded by Lloyds, but all examples in the paper are solely for the purpose of illustration and do not use any internal data from the bank. Any concepts, ideas, and opinions formulated by the authors in this article are not associated with the current security practices of Lloyds Banking Group.


  1. 1.
    J. Nearly, 75% of Banks were Unprepared for Cyber Attacks in 2018 (2019). Last accessed 2019/10/27
  2. 2.
    J. Marous, Technology Giants pose major threat to banking industry, in The Financial Brand (2019). Last accessed 2019/10/27Google Scholar
  3. 3.
    Acunetix, Logical and Technical Vulnerabilities—What They are and how can they be Detected? (2019). Last accessed: 2019/10/27
  4. 4.
    Netsparker, Understanding the Differences Between Technical and Logical Web Application Vulnerabilities (2019). Last accessed: 2019/10/27
  5. 5.
    Intruder Systems, A Proactive Vulnerability Scanner, for Your External Infrastructure (2019). Last accessed: 2019/06/30
  6. 6.
    Greenbone Networks, OpenVAS—Open Vulnerability Assessment System (2019). Last accessed: 2019/07/01
  7. 7.
    Rapid7, Nexpose. Your On-prem Vulnerability Scanner (2019). Last accessed: 2019/07/01
  8. 8.
    InfoSight, Network & Cyber Security Services (2016). Last accessed: 2019/06/29
  9. 9.
    Kenna Security, (2018). Last accessed: 2019/06/29
  10. 10.
    Coalfire, Cyber Risk Services. Last accessed 2019/04/26
  11. 11.
    Vigilant Software, vsRisk Cloud—Cyber Risk Assessments made Simple (2019). Last accessed: 2019/10/27
  12. 12.
    ABB, System 800xA Cyber Security—Maximizing Cyber Security in Process Automation. Last accessed: 2019/10/27
  13. 13.
    Google,CSP Evaluator. Last accessed: 2019/10/27
  14. 14.
    Threatmodeler, The Evolution of Threat Modeling (2016). Last accessed: 2019/10/27
  15. 15.
    G. Blokdyk, in Threat Modelling, 2nd ed. (5STARCooks, 2018). ISBN: 0655196072Google Scholar
  16. 16.
    K. Bataityte, V. Vassilev, O. Gill, in Ontological Foundations of Modelling Security Policies for Logical Analysis, ed. by I. Maglogiannis, L. Iliadis, E. Pimenidis. Proceeding of the 16th Artificial Intelligence Applications and Innovations Conference - AIAI 2020, Thessaloniki, Greece (Springer, 2020, in print)Google Scholar
  17. 17.
    D. Allemang, J. Hendler, in Semantic Web for the Working Ontologist, (MK, 2011)Google Scholar
  18. 18.
    D. McGuinness, F. Van Harmelen (eds.), OWL Web Ontology Language (2004). Last accessed 2019/04/23
  19. 19.
    I. Horrocks, P. Patel-Schneider et al. (eds.), SWRL—A Semantic Web Rule Language (2004). Last accessed 2019/04/23
  20. 20.
    A. Herzog, N. Shahmehri, C. Duma, An ontology of information security. Int. J. Inf. Secur. Privacy 1(4), 1–23 (2007)CrossRefGoogle Scholar
  21. 21.
    A. Souag, C. Salinesi, I. Wattiau, Ontologies for security requirements, in Proceedings of International Conference on Advanced Information Systems Engineering CAISE2010 (2010), pp. 61–69Google Scholar
  22. 22.
    M. Iannacone, S. Bohn, G. Nakamura et al., Developing an ontology for cyber security knowledge graphs, in Proceedings of ACM CISR’15 (2015), pp. 12:1–12:4Google Scholar
  23. 23.
    Red Hat, Inc., Drools (overview). Last accessed 2019/03/11

Copyright information

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2021

Authors and Affiliations

  • Vassil Vassilev
    • 1
    Email author
  • Viktor Sowinski-Mydlarz
    • 1
  • Pawel Gasiorowski
    • 1
  • Karim Ouazzane
    • 2
  • Anthony Phipps
    • 2
  1. 1.Cyber Security Research Centre, London Metropolitan UniversityLondonUK
  2. 2.School of Computing and Digital MediaLondon Metropolitan UniversityLondonUK

Personalised recommendations