Automated Interpretation and Integration of Security Tools Using Semantic Knowledge

  • Chadni IslamEmail author
  • M. Ali BabarEmail author
  • Surya NepalEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11483)


A security orchestration platform aims at integrating the activities performed by multi-vendor security tools to streamline the required incident response process. To make such a platform useful in practice in a Security Operation Center (SOC), we need to address three key challenges: interpretability, interoperability, and automation. In this paper, we proposed a novel semantic integration approach to automatically select and integrate security tools with essential capability for auto-execution of an incident response process in a security orchestration platform. The capability of security tools and the activities of the incident response process are formalized using ontologies, which have been used for NLP based approach to classify the activities for the emerging incident response processes. The developed ontologies and NLP approaches have been used for an interoperability model for selection and integration of security tools at runtime for the successful execution of an incident response process. Experimental results demonstrate the feasibility of the classifier and interoperability model for achieving interpretability, interoperability, and automation of security tools integrated into a security orchestration platform.


Security orchestration Ontological model Self-adaptive Automation and interoperability Security automation 



This work is partially supported by Data61/CSIRO, Australia. We acknowledge the contributions of the shepherd reviewer Professor Andreas L. Opdahl from the University of Bergen, Norway who provided insightful comments with continuous engagement to improve the paper.


  1. 1.
  2. 2.
    Koyama, T., Hu, B., Nagafuchi, Y., Shioji, E., Takahashi, K.: Security orchestration with a global threat intelligence platform. NTT Tech. Rev. 13, 1–6 (2015)Google Scholar
  3. 3.
    Luo, S., Salem, M.B.: Orchestration of software-defined security services. In: 2016 IEEE International Conference on Communications Workshops, ICC 2016, pp. 436–441 (2016)Google Scholar
  4. 4.
  5. 5.
  6. 6.
    Komand. Accessed 21 Oct 2017
  7. 7.
    Feitosa, E., Souto, E., Sadok, D.H.: An orchestration approach for unwanted internet traffic identification. Comput. Netw. 56, 2805–2831 (2012)CrossRefGoogle Scholar
  8. 8.
  9. 9.
  10. 10.
    Yu, T., Fayaz, S.K., Collins, M., Sekar, V., Seshan, S.: PSI: precise security instrumentation for enterprise networks. In: Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA (2017)Google Scholar
  11. 11.
    SWIMLANE. Accessed 20 Oct 2017
  12. 12.
  13. 13.
  14. 14.
    Crowley, C., Pescatore, J.: The Definition of SOC-cess? SANS 2018 Security Operations Center Survey. SANS (2018)Google Scholar
  15. 15.
    Evesti, A., Ovaska, E.: Ontology-based security adaptation at run-time. In: 2010 4th IEEE International Conference on Self-Adaptive and Self-Organizing Systems (SASO), pp. 204–212. IEEE (2010)Google Scholar
  16. 16.
    Syed, Z., Padia, A., Finin, T., Mathews, M.L., Joshi, A.: UCO: a unified cybersecurity ontology. In: AAAI Workshop: Artificial Intelligence for Cyber Security (2016)Google Scholar
  17. 17.
    Chauhan, M.A., Babar, M.A., Sheng, Q.Z.: A Reference architecture for provisioning of tools as a service: meta-model, ontologies and design elements. Future Gener. Comput. Syst. 69, 41–65 (2017)CrossRefGoogle Scholar
  18. 18.
    Krauß, D., Thomalla, C.: Ontology-based detection of cyber-attacks to SCADA-systems in critical infrastructures. In: 2016 6th International Conference on Digital Information and Communication Technology and Its Applications, DICTAP 2016, pp. 70–73 (2016)Google Scholar
  19. 19.
    Dua, S., Du, X.: Data Mining and Machine Learning in Cybersecurity. Auerbach Publications, Boca Raton (2016)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.School of Computer ScienceUniversity of AdelaideAdelaideAustralia
  2. 2.CREST CentreAdelaideAustralia
  3. 3.Data61, CSIROSydneyAustralia

Personalised recommendations