Presentation is loading. Please wait.

Presentation is loading. Please wait.

Flexible Transform U.S. DEPARTMENT OF ENERGY Semantic Translation for Cyber Threat Indicators.

Published byCamilla Owen Modified over 9 years ago

Similar presentations

Presentation on theme: "Flexible Transform U.S. DEPARTMENT OF ENERGY Semantic Translation for Cyber Threat Indicators."— Presentation transcript:

1 Flexible Transform U.S. DEPARTMENT OF ENERGY Semantic Translation for Cyber Threat Indicators

2 Who We Are June 2014 FIRST Annual Conference 2014 2 Andrew Hoying National Renewable Energy Laboratory andrew.hoying@nrel.gov Chris Strasburg Ames National Laboratory cstras@ameslab.gov Dan Harkness Argonne National Laboratory dharkness@anl.gov Scott Pinkerton Argonne National Laboratory pinkerton@anl.gov

3 Agenda  Motivation  Background  Flexible Transform (FT) Approach  Extended Example  Conclusions June 2014 FIRST Annual Conference 2014 3

4 Motivation Why transformation? It is needed to:  Facilitate migration to a common language (STIX) … without having to wait on entire customer base to adopt the language natively  Adapt data to multiple tool chains dynamically within a single site Why must it be flexible?  Point–point translation is not scalable, O(n 2 )  A semantic representation minimizes data loss  Deals with inherent ambiguities in legacy data –Shared Internet Protocol (IP) address – source or target (or resource or pivot point or …)? June 2014 FIRST Annual Conference 2014 4

5 Motivating Example June 2014 FIRST Annual Conference 2014 5

6 Translation Scalability June 2014 FIRST Annual Conference 2014 6 O(N 2 ) New Syntax / Schema / Semantics CSV = comma-separated value; XML = extensible markup language.

7 Background  Sharing data is hard when everyone does not speak a common language  Methods exist for parsing data from systems you do not control –Dynamic or static mapping of field names and types –Post-ingestion data recognition –Predefined parsers We want a richer ontology so that data are not lost in translation. June 2014 FIRST Annual Conference 2014 7

8 U.S. Department of Energy Cyber Fed Model (CFM) – GUWYG Background  [2004–2010] – Single Input Format Supported  [2010–2013] – Give Us What You’ve Got (GUWYG) v1  [2013–Present] – GUWYG v2 –Added XML and Key/Value formats for input –CFM supports multiple input/output formats and functions as a bridge between Enhanced Shared Situational Awareness (ESSA) initiative and thousands of Energy Sector utilities June 2014 FIRST Annual Conference 2014 8

9 Ontology June 2014 FIRST Annual Conference 2014 9

10 Ontology June 2014 FIRST Annual Conference 2014 10

11 Flexible Transform Approach June 2014 FIRST Annual Conference 2014 11

12 Approach/Design – Process Detail June 2014 FIRST Annual Conference 2014 12

13 Approach/Design – Process Detail (cont.) June 2014 FIRST Annual Conference 2014 13

14 Approach/Design – Process Detail (cont.) June 2014 FIRST Annual Conference 2014 14

15 Approach/Design – Process Detail (cont.) June 2014 FIRST Annual Conference 2014 15

16 Approach/Design – Process Detail (cont.) June 2014 FIRST Annual Conference 2014 16

17 Approach/Design – Process Detail (cont.) June 2014 FIRST Annual Conference 2014 17

18 Approach/Design – Process Detail (cont.) June 2014 FIRST Annual Conference 2014 18

19 Flexible Transform Scalability June 2014 FIRST Annual Conference 2014 19 O(N)

20 Approach/Design – Semantic Structure June 2014 FIRST Annual Conference 2014 20

21 Extended Example – Perfect Semantic Match June 2014 FIRST Annual Conference 2014 21

22 Extended Example – Generalization Mismatch June 2014 FIRST Annual Conference 2014 22

23 Extended Example – Specialization Mismatch June 2014 FIRST Annual Conference 2014 23

24 Extended Example – Missing Data 1 June 2014 FIRST Annual Conference 2014 24

25 Extended Example – Missing Data 2 June 2014 FIRST Annual Conference 2014 25

26 Conclusions/Limitations  Using flexible transform, we act as an automated translator, enabling communities to share data regardless of the native tools/languages  FT carries a performance impact – additional processing ‘on-the-fly’  Current definition of new syntaxes, schemas is manual – we are working on an RDF language to automate this function  It requires fully structured data – we are examining the feasibility of parsing semi- structured data  Reduces, but does not eliminate, the problems of sharing ambiguous data June 2014 FIRST Annual Conference 2014 26

27 Preparing for Tomorrow’s Cyber Threat  Cyber threats are global – sharing is key: –Are you ready to consume? –Are you ready to produce?  Examine your data / workflow: –Let us know what schemas/ languages are in use –Provide/ask for schema specifications when needed  Add structure to your data! June 2014 FIRST Annual Conference 2014 27

28 Future Needs  A cross platform, or web-based, graphical user interface (GUI) for building indicators, other data types, and relationships using known semantic values –Visualize large data sets –List known semantics; provide user with a list of target formats –Built-in definitions of field types help analysts choose the appropriate field for the indicator or relationship  Syntax parser and dynamic schema for semi- structured data June 2014 FIRST Annual Conference 2014 28

29 Questions?  Questions Now? –Ask away!  Questions Later? –federated- admins@anl.govfederated- admins@anl.gov June 2014 FIRST Annual Conference 2014 29

Download ppt "Flexible Transform U.S. DEPARTMENT OF ENERGY Semantic Translation for Cyber Threat Indicators."

Similar presentations

Websydian Anne-Marie Arnvig Manager, Websydian Communications & Relations.

Websydian Anne-Marie Arnvig Manager, Websydian Communications & Relations.
XML-based Network Management Rob Enns

XML-based Network Management Rob Enns
Portable Data and Modeling for Electromagnetic Transient Analysis programs Jean Mahseredjian Ecole Polytechnique de Montreal 1.

Portable Data and Modeling for Electromagnetic Transient Analysis programs Jean Mahseredjian Ecole Polytechnique de Montreal 1.
The Online Library Environment Projects and Challenges at The University of Alabama Libraries Jason J. Battles Head, Web Services Department.

The Online Library Environment Projects and Challenges at The University of Alabama Libraries Jason J. Battles Head, Web Services Department.
DataFoundry: An Approach to Scientific Data Integration Terence Critchlow Ron Musick Ida Lozares Center for Applied Scientific Computing Tom SlezakKrzystof.

DataFoundry: An Approach to Scientific Data Integration Terence Critchlow Ron Musick Ida Lozares Center for Applied Scientific Computing Tom SlezakKrzystof.
Web Mapping Using XML and SVG SHEA Yu-kai Geoffrey Senior Lecturer Department of Land Surveying & Geo-Informatics The Hong Kong Polytechnic University.

Web Mapping Using XML and SVG SHEA Yu-kai Geoffrey Senior Lecturer Department of Land Surveying & Geo-Informatics The Hong Kong Polytechnic University.
Infomaster: An information Integration Tool O. M. Duschka and M. R. Genesereth Presentation by Cui Tao.

Infomaster: An information Integration Tool O. M. Duschka and M. R. Genesereth Presentation by Cui Tao.
Nov. 2001 Copyright Galdos Systems Inc. November 2001 Impact of GML on Data Development.

Nov Copyright Galdos Systems Inc. November 2001 Impact of GML on Data Development.
An Integrated Solution for Web-based Mathematical Expression Inputting Wei Su Department of Computer Science, Lanzhou University, PRC Department of Computer.

An Integrated Solution for Web-based Mathematical Expression Inputting Wei Su Department of Computer Science, Lanzhou University, PRC Department of Computer.
The information integration wizard (Iwiz) project Report on work in progress Joachim Hammer Presented by Muhammed Al-Muhammed.

The information integration wizard (Iwiz) project Report on work in progress Joachim Hammer Presented by Muhammed Al-Muhammed.
Client-Server Processing and Distributed Databases

Client-Server Processing and Distributed Databases
Technical Track Session XML Techie Tools Tim Bornholt.

Technical Track Session XML Techie Tools Tim Bornholt.
Enterprise Workflow CPSC 476 Lightening Talk Brenda Griffith/Katie Soto.

Enterprise Workflow CPSC 476 Lightening Talk Brenda Griffith/Katie Soto.
XP New Perspectives on Microsoft Access 2002 Tutorial 71 Microsoft Access 2002 Tutorial 7 – Integrating Access With the Web and With Other Programs.

XP New Perspectives on Microsoft Access 2002 Tutorial 71 Microsoft Access 2002 Tutorial 7 – Integrating Access With the Web and With Other Programs.
Presented by Brian Griffin On behalf of Manu Goel Mohit Goel Nov 12 th, 2014 Building a dynamic GUI, configurable at runtime by backend tool.

Presented by Brian Griffin On behalf of Manu Goel Mohit Goel Nov 12 th, 2014 Building a dynamic GUI, configurable at runtime by backend tool.
Copyright 2007-2011, Synchrony Systems, Inc. Enterprise Application Modernizations Slavik Zorin Phone: (415) 944-0377

Copyright , Synchrony Systems, Inc. Enterprise Application Modernizations Slavik Zorin Phone: (415)
Aurora: A Conceptual Model for Web-content Adaptation to Support the Universal Accessibility of Web-based Services Anita W. Huang, Neel Sundaresan Presented.

Aurora: A Conceptual Model for Web-content Adaptation to Support the Universal Accessibility of Web-based Services Anita W. Huang, Neel Sundaresan Presented.
Adapting Legacy Computational Software for XMSF 1 © 2003 White & Pullen, GMU03F-SIW-112 Adapting Legacy Computational Software for XMSF Elizabeth L. White.

Adapting Legacy Computational Software for XMSF 1 © 2003 White & Pullen, GMU03F-SIW-112 Adapting Legacy Computational Software for XMSF Elizabeth L. White.
JDF in the Inter-Enterprise Workflow Achieving JDF workflow automation.

JDF in the Inter-Enterprise Workflow Achieving JDF workflow automation.
 Copyright 2005 Digital Enterprise Research Institute. All rights reserved. www.deri.org Towards Translating between XML and WSML based on mappings between.

 Copyright 2005 Digital Enterprise Research Institute. All rights reserved. Towards Translating between XML and WSML based on mappings between.

Similar presentations

Ads by Google