Patent · US Active

Ontology based persistent attack campaign detection

US11032304B2 · kind B2 · utility

0 Cited by
9 References
20 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Dec 4, 2018
Grant date: Jun 8, 2021
Priority date
Expiry date: Aug 13, 2039

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1433
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A mechanism is provided in a data processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions executed by the at least one processor to cause the at least one processor to implement an ontology based persistent attack campaign detection engine. In response to a security incident, the mechanism sends the security incident to an incident model microservice executing within the persistent attack campaign detection engine. The incident model microservice extracts artifacts from the incident, maps the artifacts to a graph topology data structure, and stores the graph topology data structure in a graph data storage. An ontology modeling suite executing within the persistent attack campaign detection engine collects security data from a document data storage, builds a security ontology data structure and stores the security ontology data structure in an ontology data storage, and maps concepts from the security ontology data structure to the graph topology data structure. A custom insight engine executing within the persistent attack campaign detection engine performs insights based on the graph topology data structure and …

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.