The Design and Application of a Unified Ontology for Cyber Security

Ontology enables semantic interoperability, making it highly valuable for cyber threat hunting. Community-driven frameworks like MITRE ATT&CK, D3FEND, ENGAGE, CWE and CVE have been developed to combat cyber threats. However, manually navigating these independent data sources is time-consuming and impractical in high-stakes situations. By adopting an ontology-based approach, these cybersecurity resources can be unified, enabling a holistic view of the threat landscape. Additionally, leveraging semantic query languages empowers analysts to make the most of existing data sources. This paper explores how through the application of a semantic query language (SPARQL) on a unified cybersecurity ontology, analysts can effectively exploit the information contained within these resources to strengthen their defense strategies against cyber threats.