Ontologies in information security

Alexander Moiseev  Chief Business Officer at Kaspersky outlines how ‘ontology’ (a formal process of categorising and drawing relationships in data) holds huge potential to accelerate cybersecurity.  

In the cybersecurity industry, we regularly analyse new technologies and look for ways to put them to use. Ontology may not represent a very popular approach right now, but it can speed up and simplify a lot of processes. I believe it’s only a matter of time before using ontology for cybersecurity catches on.

In information systems, what’s an ontology?

In information science, an ontology is a systematic description of all of the terms in a specific subject area, their characteristics or attributes, and their relationships. For example, the Marvel Comics Universe ontology includes the names and attributes (superpowers, weapons, weaknesses) of all of the superheroes, their power levels, and so forth. An ontology can describe anything from wines to electrical grids.

Using a language such as OWL, Web Ontology Language, you can develop tools to analyse ontologies and identify hidden connections and missing or obscure details. For example, analysing the ontology of the Marvel universe can help determine the best team of superheroes and the most expedient way to defeat a villain.

For that, as well as for similar tasks, we could use the Protégé platform, for example. Developed at Stanford University, the software’s purpose is to analyse biomedical data, but now it’s a free, open-source ontology editor and framework for building intelligent systems to manage knowledge from any field.

Ontologies vs. machine learning

The tools for working with ontologies have a lot in common with machine-learning algorithms, but with one key difference: machine-learning models predict; ontological tools deduce.

Machine-learning models analyse large arrays of data and use them to make predictions about new objects. For example, a machine-learning model might look at 100 malicious e-mails and highlight the specific characteristics they share. Then, if the model recognises some of those characteristics in a new e-mail, it can determine that the new message is also malicious.

An ontology also figures in data analysis, but instead of leading to predictions, it points to information that logically ensues from supplied parameters. It doesn’t learn or draw on previous experiences to analyse information. For example, if we indicate in the ontology that ‘e-mail A’ is a phishing e-mail and that all phishing e-mails are malicious, and then state that ‘e-mail B’ is a phishing e-mail, the ontology will conclude that e-mail B is malicious. If we set out to analyse ‘e-mail C’ but don’t supply any characteristics, the ontology will not make any conclusion.

Ontologies and machine learning can complement each other. For example, ontologies can optimise and accelerate machine-learning models. They make the process of training models much easier by simulating logical reasoning and by being able to automatically classify and link information. And using time-saving ontological axioms — rules that describe the relationship between concepts — can narrow the input array for the machine-learning model, speeding its ability to find an answer.

Other uses for ontologies in cybersecurity

Ontologies can also help identify hidden opportunities or weak areas. For example, we can analyse a company infrastructure’s level of protection against a specific cyberthreat, such as ransomware. To do so, we create an ontology of potential anti-ransomware measures and apply it to the list of existing security measures in the organisation.

Using the ontology will tell you whether the infrastructure has enough protection or needs work. You can use the same method to determine whether an IT security system meets IECNIST, or other standards. This can also be done manually, but it would take much longer and be more expensive.

Ontologies also make the lives of IT security specialists easier by enabling them to communicate with each other in the same language. Using ontology can improve cybersecurity by helping specialists contextualise the problems and attacks that others encounter, leading them to better security measures. That kind of information also comes in handy when experts create information security architectures from scratch by offering a systematic view of vulnerabilities, attacks, and their connections.

READ MORE:

The very concept may seem complicated and abstract, but you encounter ontologies almost every day. Consider Internet searches, for example. Ontologies underlie semantic searches, letting you search for answers to actual queries rather than getting bogged down in the meaning of each individual word in them. That greatly increases the quality of search results. Pinterest, an image-sharing social network, uses similar technologies, relying on ontologies to analyse users’ actions and reactions, and then employing that data to optimise recommendations and targeted advertising. The above represents just a few ideas of how using ontologies can improve many aspects of business and cybertech. Here at Kaspersky, we’re interested in ontology’s prospects not only for cybersecurity but also in terms of the bigger picture, where ontology presents huge opportunities for business.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...