Abstract
THEMIS (Threat Evaluation Metamodel for Information Systems) is a description logic-based framework to apply state, federal, and international law to reason about the intent of computer network attacks with respect to collateral consequences. It can be used by law enforcement agencies and prosecutors to build legally credible arguments, and by network designers to keep their defensive and retaliatory measures within lawful limits. THEMIS automates known quantitative measures of characterizing attacks, weighs their potential impact, and places them in appropriate legal compartments. From the perspective of computer networks, we develop representations and a way to reason about the non-network related consequences of complex attacks from their atomic counterparts. From the perspective of law, we propose the development of interoperable ontologies and rules that represent concepts and restrictions of heterogeneous legal domains. The two perspectives are woven together in THEMIS using description logic to reason about and guide defensive, offensive, and prosecutorial actions.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Farkas, C., Wingfield, T.C., Michael, J.B., Wijesekera, D. (2004). THEMIS: Threat Evaluation Metamodel for Information Systems. In: Chen, H., Moore, R., Zeng, D.D., Leavitt, J. (eds) Intelligence and Security Informatics. ISI 2004. Lecture Notes in Computer Science, vol 3073. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25952-7_23
DOI: https://doi.org/10.1007/978-3-540-25952-7_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22125-8
Online ISBN: 978-3-540-25952-7
eBook Packages: Springer Book Archive