Threat Intelligence Research

My primary research interests include artificial intelligence, knowledge representation, automated reasoning, ontology engineering, and cybersecurity.

My current research project involves the representation of network knowledge provenance.

The machine-interpretable representation of the logical network topology and information flow of computer networks can be utilized in cybersecurity applications for cyber situational awareness, network monitoring and management, vulnerability assessment, defense, traffic path estimation, and so forth. These applications make it possible to determine whether traffic passes through a particular country, empower organizations to develop proactive cybersecurity policies, and inform decision-making during and following intrusion detection.

However, constructing such a representation is a non-trivial problem due to complexity and scalability issues; using formal knowledge representation standards may address these by encoding network data from heterogeneous sources using open standards. Most network data, such as router configurations and routing protocol messages, constitutes unstructured data, which is human-readable only. By encoding such data as semistructured data, declaring datatypes for data values, the data becomes machine-readable, so that meaningless consecutive characters become processable strings, numbers, dates, Boolean values, and vectors. However, the semantics (meaning) of data can be defined only by leveraging structured data, usually expressed in the Resource Description Framework (RDF) as subject-predicate-object (resource-property-value) triples, e.g., `BGPUpdateMessage updated "2017-10-10T09:42:00+09:30"`, thereby achieving machine-interpretability. Using a technology-independent syntax makes it possible to precisely capture the semantics of subdomains of computer networks in the form of ontologies, typically implemented in the Web Ontology Language (OWL), by defining concepts of network components and IP routing in a taxonomical structure, along with their properties, relations, and constraints, and the individuals that instantiate them. Reasoning over statements that use these definitions facilitates knowledge discovery by inferring implicit network knowledge.
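As an added illustration of the three levels described above (typed literal, RDF triple, taxonomy-based inference), not code from this research project: the page's BGP update example is encoded as triples with an `xsd:dateTime` literal, serialized in N-Triples form, and a minimal RDFS-style reasoner derives the implicit type of the individual from a two-level class hierarchy. The namespace `http://example.org/netkb#`, the individual `update42`, and the class names are constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed namespace for this example; the W3C IRIs below are the real ones.
NET = "http://example.org/netkb#"
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
RDFS_SUBCLASS = "http://www.w3.org/2000/01/rdf-schema#subClassOf"
XSD_DATETIME = "http://www.w3.org/2001/XMLSchema#dateTime"

@dataclass(frozen=True)
class Literal:
    value: str
    datatype: str  # the declared datatype is what makes the string processable

def to_ntriples(triple):
    """Serialize one (subject, predicate, object) triple in N-Triples syntax."""
    s, p, o = triple
    obj = f'"{o.value}"^^<{o.datatype}>' if isinstance(o, Literal) else f"<{o}>"
    return f"<{s}> <{p}> {obj} ."

def typed_value(lit):
    """Turn a typed literal into a native value (only xsd:dateTime handled here)."""
    if lit.datatype == XSD_DATETIME:
        return datetime.fromisoformat(lit.value)
    return lit.value

def infer_types(graph):
    """Minimal RDFS-style reasoning: rdfs:subClassOf is transitive, and an
    individual typed with a subclass is also typed with every superclass."""
    graph = set(graph)
    changed = True
    while changed:
        changed = False
        sub = {(s, o) for s, p, o in graph if p == RDFS_SUBCLASS}
        for a, b in list(sub):
            for c, d in list(sub):
                if b == c and (a, RDFS_SUBCLASS, d) not in graph:
                    graph.add((a, RDFS_SUBCLASS, d)); changed = True
        for s, p, o in list(graph):
            if p == RDF_TYPE:
                for c, d in sub:
                    if c == o and (s, RDF_TYPE, d) not in graph:
                        graph.add((s, RDF_TYPE, d)); changed = True
    return graph

# Constructed sample graph: one observed BGP UPDATE plus a two-level taxonomy.
UPDATED_AT = Literal("2017-10-10T09:42:00+09:30", XSD_DATETIME)
SAMPLE = {
    (NET + "BGPUpdateMessage", RDFS_SUBCLASS, NET + "BGPMessage"),
    (NET + "BGPMessage", RDFS_SUBCLASS, NET + "RoutingProtocolMessage"),
    (NET + "update42", RDF_TYPE, NET + "BGPUpdateMessage"),
    (NET + "update42", NET + "updated", UPDATED_AT),
}
```

Running `infer_types(SAMPLE)` adds the statement that `update42` is a `RoutingProtocolMessage`, which no source ever asserted directly; that is the kind of implicit network knowledge the reasoning step surfaces.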