SBIR-STTR Award

The objective of this work is the development of a mathematical ontology for cyber events and entities. We use the qualifier mathematical to mean that in such an ontology, every type (or class) has a distinct mathematical interpretation to contrast it with many ontologies today that differ little from conventional data models or schemas. We will leverage such an ontology we developed for the DoD CIO and Joint Staff. Its upper foundation is extensional, higher-order, and 4-dimensional. Domain patterns extend from the foundation, e.g., for capabilities, desired effects, risk, resources, activity/process models, and for data fusion, specifically the Joint Directors of Laboratories (JDL) fusion levels 0-3. The-domain patterns were developed using an innovative rational reconstruction process that forces extensions to have mathematical meaning. We will apply this process to CybOX, MAEC, STIX, and other cyber languages to incorporate them into the ontology in such that their mathematical meanings are known. This will be important to the JIE Global and Enterprise Operations Centers and their interaction with CYBERCOM, ARCYBER, and other NETOPS and cyber intelligence and operations centers where distributed analytics are inevitable and must be interoperable and resiliency is critical.

The objective of this work is the development of a mathematical ontology for cyber events, entities and their associations and intentionscyber Situation Awareness (SA)and associated cyber Command and Control (C2). We use the qualifier mathematical to mean that in such an ontology, every Type (Class) has a distinct mathematical interpretation to differentiate from many so-called ontologies today differ little from conventional data models or schemas. More than any other military operations, cyber operations are multi-source and multi-INT. In many cases no single detected event or activity is sufficiently suspicious to trigger counter action; that is, the enemy is assumed to be sophisticated enough to be silent, to stay under the radar. Detection may occur as a result of multiple types of sensor and intelligence data or as the result of associating events and entities, i.e., data fusion. This requires an accumulation of detections and hypotheses for assured detection while minimizing false alarms. Current rule-based and heuristic approaches will not scale or adapt. Consequently we will develop a mathematical cyber ontology that is founded on mathematics that will enable the development of cloud-based cyber distributed data fusion and analytics that are mathematically principled.