Applying Semantic Web Technologies to Discover an Ontology of Computer Attacks

Andrei Zamfira
Raluca Fat
Calin Cenan


This paper presents a methodology for engineering an ontology and demonstrates how it is applied to designing and evaluating cyber-defense systems. The ontology is intended as a broad model of the cybersecurity domain that captures attacks, source and target systems, attack methods, exploited vulnerabilities, consequences, mitigating controls, and related knowledge. To evaluate the quality of the proposed model we relied on state-of-the-art methodologies comprising a suite of metrics for assessing, among other properties, correctness, consistency, accuracy, completeness, soundness and task orientation. For the most important task, evaluating efficacy in attack detection, the proposed ontology served as the knowledge model of a prototype web application firewall, which we tested on a known evaluation dataset. The system yielded a good detection rate and low false-positive and false-negative rates on the test data, and it was compared with other existing solutions in the field.
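The abstract names two things a practitioner would want to see concretely: an ontology used as the knowledge model of a request filter, and the detection rate and false-positive/false-negative rates used to judge it. The Python below is an added illustration written for this page, not the paper's ontology, firewall or dataset. The class hierarchy (Attack, InjectionAttack, SQLInjection, CrossSiteScripting, PathTraversal), its properties (exploits, consequence, mitigation, signatures), the regex signatures and the labelled requests are all constructed assumptions; the inheritance walk shows how a property defined on a superclass (the mitigation on InjectionAttack) is reused by a subclass that does not restate it, and the labelled set deliberately contains one miss and one over-match so that the rates are not all zero or one.

```python
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import unquote_plus


@dataclass
class AttackClass:
    """One concept of the hypothetical attack ontology (constructed for this example)."""
    parent: Optional[str] = None          # superclass in the hierarchy
    exploits: Optional[str] = None        # vulnerability exploited
    consequence: Optional[str] = None     # impact on the target
    mitigation: Optional[str] = None      # control that blocks the attack
    signatures: list = field(default_factory=list)  # regexes over the decoded request


# Constructed mini-ontology; the paper's model is far larger and is not reproduced here.
ONTOLOGY = {
    "Attack": AttackClass(),
    "InjectionAttack": AttackClass(parent="Attack", mitigation="validate input and encode output"),
    "SQLInjection": AttackClass(
        parent="InjectionAttack",
        exploits="unsanitized input in SQL statements (CWE-89)",
        consequence="unauthorized data access",
        mitigation="parameterized queries",
        signatures=[r"(?i)\bunion\b[\s\S]*\bselect\b",
                    r"(?i)'\s*or\s*'?\d*'?\s*=\s*'?\d*",
                    r"(?i);\s*drop\s+table"]),
    "CrossSiteScripting": AttackClass(      # no mitigation of its own: inherits it
        parent="InjectionAttack",
        exploits="unencoded input reflected into HTML (CWE-79)",
        consequence="script execution in the victim's browser",
        signatures=[r"(?i)<\s*script\b", r"(?i)\bon(?:error|load|mouseover)\s*="]),
    "PathTraversal": AttackClass(
        parent="Attack",
        exploits="unvalidated file path (CWE-22)",
        consequence="arbitrary file read",
        mitigation="canonicalize paths and allow-list the result",
        signatures=[r"(?:\.\./|\.\.\\){2,}"]),
}
COMPILED = {name: [re.compile(s) for s in cls.signatures] for name, cls in ONTOLOGY.items()}


def ancestors(name):
    """Superclass chain from the matched class up to the root."""
    chain, node = [], ONTOLOGY[name].parent
    while node is not None:
        chain.append(node)
        node = ONTOLOGY[node].parent
    return chain


def inherited(name, prop):
    """Property lookup with inheritance: walk upward until some class defines it."""
    node = name
    while node is not None:
        value = getattr(ONTOLOGY[node], prop)
        if value is not None:
            return value
        node = ONTOLOGY[node].parent
    return None


def inspect_request(raw):
    """Decode once, match each class's signatures, return the first hit enriched
    with the ontology's knowledge, or None when nothing matched."""
    decoded = unquote_plus(raw)
    for name, patterns in COMPILED.items():
        if any(p.search(decoded) for p in patterns):
            return {"class": name, "ancestors": ancestors(name),
                    "exploits": inherited(name, "exploits"),
                    "consequence": inherited(name, "consequence"),
                    "mitigation": inherited(name, "mitigation")}
    return None


# Constructed labelled requests (1 = attack, 0 = benign); not the paper's evaluation data.
DATASET = [
    ("/search?q=shoes", 0),
    ("/item?id=1%20UNION%20SELECT%20username,password%20FROM%20users", 1),
    ("/login?user=admin'%20OR%20'1'='1", 1),
    ("/comment?text=%3Cscript%3Ealert(1)%3C/script%3E", 1),
    ("/download?file=../../../../etc/passwd", 1),
    ("/search?q=select%20a%20gift", 0),                    # SQL keyword alone is benign
    ("/profile?name=O'Brien", 0),                          # lone apostrophe is benign
    ("/item?id=1%20AND%201=1--", 1),                       # quote-less SQLi: missed (false negative)
    ("/comment?text=use%20the%20%3Cscript%3E%20tag", 0),   # prose naming a tag (false positive)
    ("/download?file=report.pdf", 0),
]


def evaluate(dataset):
    """Confusion-matrix counts and the three rates the abstract reports."""
    tp = fp = fn = tn = 0
    for raw, label in dataset:
        flagged = inspect_request(raw) is not None
        if flagged and label:
            tp += 1
        elif flagged:
            fp += 1
        elif label:
            fn += 1
        else:
            tn += 1
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "detection_rate": tp / (tp + fn),
            "false_positive_rate": fp / (fp + tn),
            "false_negative_rate": fn / (tp + fn)}
```

Running `evaluate(DATASET)` on the constructed set gives four true positives, one false positive, one false negative and four true negatives, so a detection rate of 0.8 and false-positive and false-negative rates of 0.2 each. The two errors are the instructive part: the quote-less `AND 1=1--` payload slips past signatures that key on quotes, and prose that merely mentions `<script>` is over-matched, which is why a knowledge model richer than flat signatures (the paper's stated goal) matters for both rates.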

