TAC Results

2-June-2022 DC CAW

Threat Actor Context Ontology

The University of Oslo presented the Threat Actor Context Ontology of the OASIS Threat Actor Context Technical Committee (TAC TC) in support of cybersecurity automation and, in particular, the sense-making and decision-making functions of cyberspace defense as they are described in the IACD framework.

The core model of the TAC ontology is based on the STIX 2.1 standard and augments it with other representations that describe components from the domain of Cyber Threat Intelligence (CTI). For example, we presented the Threat Agent Library (TAL), developed by Tim Casey and Intel Corporation in 2007, which describes a typology of threat actor types. We extended the ontology by encoding the TAL typology in Web Ontology Language (OWL). We demonstrated the reasoning capability of the ontology by automatically inferring, in near real-time, the types (e.g., cybercriminals or nation-state-sponsored) of a set of adversaries and their activities.

The following video provides an introduction to the TAC ontology and how it consumes STIX data to provide us with searchable, shareable, and interoperable knowledge graphs of CTI as linked open data.

TAC Ontology Video on YouTube: https://www.youtube.com/watch?v=p5cF6ZmNaNI

We further discussed how the TAC ontology could integrate with other open-source solutions (STIX-Shifter and the Kestrel threat hunting language) and utilize open standards (OpenC2, CACAO, SBOM, VEX, CSAF) to address different cybersecurity automation use cases.

Use Cases and Takeaways

The participants showed high interest in the inference capabilities of the Threat Actor Context ontology to derive new understandings pertinent to CTI and to support human intelligence analysis and decision making.

Another well-received aspect is the availability of a plethora of open-source and closed-source software that can consume the ontology and be used as knowledge management solutions.
