Cyber Threat Ontology (CTO)

We developed a novel approach for generating a threat knowledge base and evaluating cyber threat attributes using feature importance, as described in this paper.

Based on the results of our feature importance analysis, we developed a ‘core’ cyber threat model that can form the basis of asset-based threat models which use an ontology as their ‘core’ model. The model is derived from a quantified evaluation of the relative importance of 12 cyber threat attributes, which offers a high level of reliability in the selection of core concepts in the ontology and in the arrangement of those concepts in relation to each other. The ontology is highly generalised and extensible to threat modelling in a broad range of security landscapes.

In the illustration of our core ontology below, the % scores indicate the relative importance of each of those 12 threat attributes in characterising a cyber threat, based on our feature importance analysis method.