Toward an Intent-Based and Ontology-Driven Autonomic Security Response in Security Orchestration Automation and Response

• URL: http://arxiv.org/abs/2507.12061v1
• Date: Wed, 16 Jul 2025 09:17:53 GMT
• Title: Toward an Intent-Based and Ontology-Driven Autonomic Security Response in Security Orchestration Automation and Response
• Authors: Zequan Huang, Jacques Robin, Nicolas Herbaut, Nourhène Ben Rabah, Bénédicte Le Grand,
• Abstract summary: We bridge the gap between two research directions: Intent-Based Cyber Defense and Autonomic Cyber Defense.<n>We propose a unified, ontology-driven security intent definition leveraging the MITRE-D3FEND cybersecurity ontology.<n>We also propose a general two-tiered methodology for integrating such security intents into decision-theoretic Autonomic Cyber Defense systems.
• Score: 1.0027737736304287
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Modern Security Orchestration, Automation, and Response (SOAR) platforms must rapidly adapt to continuously evolving cyber attacks. Intent-Based Networking has emerged as a promising paradigm for cyber attack mitigation through high-level declarative intents, which offer greater flexibility and persistency than procedural actions. In this paper, we bridge the gap between two active research directions: Intent-Based Cyber Defense and Autonomic Cyber Defense, by proposing a unified, ontology-driven security intent definition leveraging the MITRE-D3FEND cybersecurity ontology. We also propose a general two-tiered methodology for integrating such security intents into decision-theoretic Autonomic Cyber Defense systems, enabling hierarchical and context-aware automated response capabilities. The practicality of our approach is demonstrated through a concrete use case, showcasing its integration within next-generation Security Orchestration, Automation, and Response platforms.

Related papers

• CyGATE: Game-Theoretic Cyber Attack-Defense Engine for Patch Strategy Optimization [73.13843039509386]
  This paper presents CyGATE, a game-theoretic framework modeling attacker-defender interactions.<n>CyGATE frames cyber conflicts as a partially observable game (POSG) across Cyber Kill Chain stages.<n>The framework's flexible architecture enables extension to multi-agent scenarios.
  arXiv  Detail & Related papers  (2025-08-01T09:53:06Z)
• Agentic Web: Weaving the Next Web with AI Agents [109.13815627467514]
  The emergence of AI agents powered by large language models (LLMs) marks a pivotal shift toward the Agentic Web.<n>In this paradigm, agents interact directly with one another to plan, coordinate, and execute complex tasks on behalf of users.<n>We present a structured framework for understanding and building the Agentic Web.
  arXiv  Detail & Related papers  (2025-07-28T17:58:12Z)
• Internet of Agents: Fundamentals, Applications, and Challenges [66.44234034282421]
  We introduce the Internet of Agents (IoA) as a foundational framework that enables seamless interconnection, dynamic discovery, and collaborative orchestration among heterogeneous agents at scale.<n>We analyze the key operational enablers of IoA, including capability notification and discovery, adaptive communication protocols, dynamic task matching, consensus and conflict-resolution mechanisms, and incentive models.
  arXiv  Detail & Related papers  (2025-05-12T02:04:37Z)
• CyberSentinel: An Emergent Threat Detection System for AI Security [0.0]
  The rapid advancement of artificial intelligence (AI) has significantly expanded the attack surface for AI-driven cybersecurity threats.<n>This paper introduces CyberSentinel, a unified, single-agent system for emergent threat detection.<n>By continuously adapting to evolving adversarial tactics, CyberSentinel strengthens proactive cybersecurity defense.
  arXiv  Detail & Related papers  (2025-02-20T19:03:32Z)
• Exploring the Adversarial Vulnerabilities of Vision-Language-Action Models in Robotics [68.36528819227641]
  This paper systematically quantifies the robustness of VLA-based robotic systems.<n>We introduce two untargeted attack objectives that leverage spatial foundations to destabilize robotic actions, and a targeted attack objective that manipulates the robotic trajectory.<n>We design an adversarial patch generation approach that places a small, colorful patch within the camera's view, effectively executing the attack in both digital and physical environments.
  arXiv  Detail & Related papers  (2024-11-18T01:52:20Z)
• Automated Cybersecurity Compliance and Threat Response Using AI, Blockchain & Smart Contracts [0.36832029288386137]
  We present a novel framework that integrates artificial intelligence (AI), blockchain, and smart contracts. We propose a system that automates the enforcement of security policies, reducing manual effort and potential human error.
  arXiv  Detail & Related papers  (2024-09-12T20:38:14Z)
• Siren -- Advancing Cybersecurity through Deception and Adaptive Analysis [0.0]
  This project employs sophisticated methods to lure potential threats into controlled environments.<n>The architectural framework includes a link monitoring proxy, a purpose-built machine learning model for dynamic link analysis.<n>The incorporation of simulated user activity extends the system's capacity to capture and learn from potential attackers.
  arXiv  Detail & Related papers  (2024-06-10T12:47:49Z)
• Mutual-modality Adversarial Attack with Semantic Perturbation [81.66172089175346]
  We propose a novel approach that generates adversarial attacks in a mutual-modality optimization scheme. Our approach outperforms state-of-the-art attack methods and can be readily deployed as a plug-and-play solution.
  arXiv  Detail & Related papers  (2023-12-20T05:06:01Z)
• Cyber Sentinel: Exploring Conversational Agents in Streamlining Security Tasks with GPT-4 [0.08192907805418582]
  This paper introduces Cyber Sentinel, an innovative task-oriented cybersecurity dialogue system. It embodies the fusion of artificial intelligence, cybersecurity domain expertise, and real-time data analysis to combat the multifaceted challenges posed by cyber adversaries. Our work is a novel approach to task-oriented dialogue systems, leveraging the power of chaining GPT-4 models combined with prompt engineering.
  arXiv  Detail & Related papers  (2023-09-28T13:18:33Z)
• SemProtector: A Unified Framework for Semantic Protection in Deep Learning-based Semantic Communication Systems [51.97204522852634]
  We present a unified framework that aims to secure an online semantic communications system with three semantic protection modules. Specifically, these protection modules are able to encrypt semantics to be transmitted by an encryption method, mitigate privacy risks from wireless channels by a perturbation mechanism, and calibrate distorted semantics at the destination. Our framework enables an existing online SC system to dynamically assemble the above three pluggable modules to meet customized semantic protection requirements.
  arXiv  Detail & Related papers  (2023-09-04T06:34:43Z)
• Automated Cyber Defence: A Review [0.0]
  Research within Automated Cyber Defence will allow the development and enabling intelligence response by autonomously defending networked systems through sequential decision-making agents. This article comprehensively elaborates the developments within Automated Cyber Defence through a requirement analysis divided into two sub-areas, namely, automated defence and attack agents and Autonomous Cyber Operation (ACO) Gyms. The requirement analysis is also used to critique ACO Gyms with an overall aim to develop them for deploying automated agents within real-world networked systems.
  arXiv  Detail & Related papers  (2023-03-08T22:37:50Z)
• Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the Age of AI-NIDS [70.60975663021952]
  We study blackbox adversarial attacks on network classifiers. We argue that attacker-defender fixed points are themselves general-sum games with complex phase transitions. We show that a continual learning approach is required to study attacker-defender dynamics.
  arXiv  Detail & Related papers  (2021-11-23T23:42:16Z)
• Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
  This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques. It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
  arXiv  Detail & Related papers  (2020-07-05T18:22:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.