Formal Specification of the Framework for NSSA

As the computer network has evolved to provide the user many services, the attacks on these networks to disrupt the services and to gain access to resources has also evolved. New entities in form of services, hardware, network protocols etc. are being added to the network, which is leading to new ways to attack the network. The complexity of the system is increasing so fast that it is becoming increasingly difficult for network administrator to comprehend the situation and react in an appropriate manner. Situation becomes more complex as there is no uniform terminology. Though serious efforts in form of Common Vulnerability Enumeration (CVE), Common Weakness Enumeration (CWE), Common Attack Pattern Enumeration and Classification (CAPEC) etc. has been made, still a long way is to go. In this paper we have proposed a formal specification of the framework for network security situational awareness (NSSA) using ontological engineering approach. We have modeled a computer network by modeling its components i.e. hardware, software, services using ontology. Also vulnerabilities and attacks on these computers are modeled. We populate our ontology with various instances of vulnerabilities, CVSS scores, attacks and possible services in the network. Knowledge representation methods are used in order to provide Description Logic reasoning and inference over network security status concept. Secondly we propose an ontology based system which predicts probable attacks using inference and information provided by the environment.