CLC number: TP393
On-line Access: 2024-08-27
Received: 2023-10-17
Revision Accepted: 2024-05-08
Crosschecked: 2024-09-29
Dandan WU, Jie CHEN, Ruiyun XIE, Ke CHEN. OntoCSD: an ontology-based security model for an integrated solution of cyberspace defense[J]. Frontiers of Information Technology & Electronic Engineering, in press. https://doi.org/10.1631/FITEE.2300662
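OntoCSD: an ontology-based security model for an integrated solution of cyberspace defense

1 School of Computer Science, Chengdu College of University of Electronic Science and Technology of China, Chengdu 610731, China
2 School of Cybersecurity, Northwestern Polytechnical University, Xi'an 710000, China
3 China Electronic Technology Cyber Security Co., Ltd., Chengdu 610000, China

Abstract: Building a dynamic, flexible, and intelligent integrated solution for cyberspace defense is a new concept. Traditional static protection methods cannot respond in time to the range of cyber attacks and security requirements that arise in an adversarial network environment. To address this problem and form a complete integrated solution from "threat discovery" to "decision generation", we propose an ontology-based security model, OntoCSD. The model uses the Web Ontology Language to represent the ontology classes and relations involved in cyberspace threat monitoring, decision-making, response, and defense, and uses the Semantic Web Rule Language to design defense reasoning rules. OntoCSD can discover potential relationships among cyber attacks, vulnerabilities, security states, and defense strategies. Further, an artificial intelligence expert system based on case-based reasoning is used to quickly generate detailed and comprehensive decision plans. Finally, Kendall's coefficient of concordance and four experimental cases based on representational facts and ontology reasoning in a typical computer network defense system verify the consistency and feasibility of OntoCSD in solving problems in the cyberspace defense domain. OntoCSD supports automatic association and reasoning, and can provide an overall solution framework for cyberspace defense.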