Towards Real-Time Warning and Defense Strategy AI Planning for Cyber Security Systems Aided by Security Ontology


Abstract

Cyber security systems typically suffer from passive defense and inefficient early warning. To address these problems, this study proposes real-time warning and AI-planned defense strategies for a cyber security system aided by a security ontology. First, we design a security defense ontology that integrates attack graphs with general-purpose and domain-specific knowledge bases. On this basis, we (1) develop an ontology-driven method for real-time attack early warning, which supports non-intrusive detection of scanning attacks, and (2) combine AI planning with bounded rationality to recommend and automatically execute defense strategies in conventional defense scenarios. A case study has been performed, and the results indicate that: (1) the proposed method can quickly analyze network traffic data to produce real-time warnings, (2) the proposed method is highly feasible and is able to implement defense strategies autonomously, and (3) the proposed method performs best, with a 5.4–11.4% increase in defense effectiveness over state-of-the-art counterparts in the APT29 attack scenario. Overall, the proposed method has the potential to increase defense effectiveness against cyberattacks under tight computing resource constraints.

Citation (APA)

Liu, Y., & Guo, Y. (2022). Towards Real-Time Warning and Defense Strategy AI Planning for Cyber Security Systems Aided by Security Ontology. Electronics (Switzerland), 11(24). https://doi.org/10.3390/electronics11244128
