Author(s): Noseong Park, Ghaith Husari, Bei-Tseng Chu, Ehab Al-Shaer
Abstract: Cybersecurity is currently a critical problem. Many enterprise networks are improperly protected because of a lack of human experts. One possible solution is to provide more effective tools to secure such networks.
To this end, we propose three contributions: 1) a new language called OSPARQL that seamlessly integrates SPARQL and constrained optimization; 2) cybersecurity knowledge graphs created after parsing a plethora of documents and system logs; and 3) real-world use cases based on the proposed OSPARQL and knowledge graph.
We conducted experiments on a real-world large enterprise network dataset. Our platform has a rapid response time (typically a few seconds) on all tasks and achieves high recall and precision scores (approximately 90%) for the presented use cases.
Keywords: Cybersecurity; SPARQL; Constrained Optimization