Title :
Ontology Oriented Threat Detection System (OOTDS)
Author :
Karol Banczyk; Henryk Krawczyk
Author_Institution :
Telecommun. & Inf., Gdansk Univ. of Technol., Gdansk, Poland
Abstract :
The paper discusses the design of a general purpose ontology oriented threat detection system (OOTDS) for environments monitored by sensors. The sensors are assumed to continually provide OOTDS with events reflecting changes in the environment. OOTDS performs event analysis using a network of asynchronous blocks of increasing complexity. Front blocks convert sensor-specific events to a unified form. A suggestion block provides hints for threat assessment based on a set of rules. The core threat detection block estimates the probabilities of the suggested threats using Multi-Entities Bayesian Networks (MEBN) logic inference, based on facts resulting from observed events and on knowledge stored in an environment-specific threat detection ontology (TDO). Threats with sufficiently high probability levels result in notifications sent to the concerned users. The paper defines the main OOTDS goals and presents its architecture, followed by a short introduction to MEBN logic and an exemplary OOTDS application with a usage scenario.
Keywords :
"Ontologies","Logic","Event detection","Bayesian methods","Sensor systems","Plasma materials processing","Informatics","Paper technology","Monitoring","Intrusion detection"
Conference_Title :
Dependability of Computer Systems, 2009. DepCos-RELCOMEX '09. Fourth International Conference on
Print_ISBN :
978-0-7695-3674-3
DOI :
10.1109/DepCoS-RELCOMEX.2009.45