Ontology-based Cyber Risk Monitoring Using Cyber Threat Intelligence

Efficient cyber risk assessment needs to consider all security alerts provided by cybersecurity solutions deployed in a network. To build a reliable overview of cyber risk, there is a need to adopt continuous monitoring of emerged cyber threats related to that risk. Indeed, the integration of Cyber Threat Intelligence (CTI) into cybersecurity solutions provides valuable information about threats, targets, and potential vulnerabilities. Structured Threat Information eXpression (STIX), as a language for expressing information about cyber threats in a structured and unambiguous manner, is becoming a de facto standard for sharing information about cyber threats. In addition, ontology-based semantic knowledge modeling has become a promising solution that provides a machine-readable language for downstream work in cybersecurity problem-solving. In this paper, we propose an ontology using CTI for risk monitoring. This latter improves an existing ontology, originally proposed to be used within a SIEM (Security Information Event Management), by extending it and aligning it with the STIX concepts.