Using Semantic-Web Technologies for Situation Assessments of Ethical Hacking High-Value Targets

Sanjana Suresh; Rachel Fisher; Radha Patole; Andrew Zeyher; Thomas Heverin

doi:10.34190/EWS.21.070

Back

Conference proceeding

Using Semantic-Web Technologies for Situation Assessments of Ethical Hacking High-Value Targets

Sanjana Suresh, Rachel Fisher, Radha Patole, Andrew Zeyher and Thomas Heverin

European Conference on Cyber Warfare and Security

01 Jun 2021

DOI: https://doi.org/10.34190/EWS.21.070

Additional Links

Abstract

Artificial intelligence

Building automation

Colleges & universities

Computer security

Control systems

Distance learning

Domain names

Education

Ethics

Evaluation

Exploitation

Industrial electronics

Infrastructure

Internet crime

Natural language processing

Ontology

Query processing

Security management

Semantics

Software

Task complexity

Tracking

Ethical hacking consists of scanning for targets, evaluating the targets, gaining access, maintaining access, and clearing tracks. The evaluation of targets represents a complex task due to the number of IP addresses, domain names, open ports, vulnerabilities, and exploits that must be examined. Ethical hackers synthesize data from various hacking tools to determine targets that are of high value and that are highly susceptible to cyber-attacks. These tasks represent situation assessment tasks. Previous research considers situation assessment tasks to be tasks that involve viewing an initial set of information about a problem and subsequently piecing together more information to solve the problem. Our research used semantic-web technologies, including ontologies, natural language processing (NLP), and semantic queries, to automate the situation assessment tasks conducted by ethical hackers when evaluating targets. More specifically, our research focused on automatically identifying education organizations that use industrial control system protocols which in turn have highly exploitable vulnerabilities and known exploits. We used semantic-web technologies to reduce an initial dataset of 126,636 potential targets to 155 distinct targets with these characteristics. Our research adds to previous research on situation assessment by showing how semantic-web technologies can be used to reduce the complexity of situation assessment tasks.

Metrics

11 Record Views

Details

Title: Using Semantic-Web Technologies for Situation Assessments of Ethical Hacking High-Value Targets
Creators: Sanjana Suresh
Rachel Fisher
Radha Patole
Andrew Zeyher
Thomas Heverin
Publication Details: European Conference on Cyber Warfare and Security
Conference: European Conference on Cyber Warfare and Security
Publisher: Academic Conferences International Limited
Resource Type: Conference proceeding
Language: English
Academic Unit: Information Science (Informatics); College of Computing and Informatics
Other Identifier: 991020531946104721

Using Semantic-Web Technologies for Situation Assessments of Ethical Hacking High-Value Targets

Additional Links

Abstract

Metrics

Details

Drexel University Social media