Introducing D3FEND: A Knowledge Graph of Cybersecurity Countermeasures
A Talk by Peter Kaloroumakis (Group Leader, Principal, MITRE)
About this Talk
Cybersecurity architects are using D3FEND to describe specific technical functions within cyber technologies in a common language of countermeasure techniques. A research project funded by the National Security Agency, D3FEND provides a large collection of digital artifacts to model cyber systems and related countermeasures.
This creates a foundation for automated reasoning about the complex interplay between computer network architectures, threats, and cyber countermeasures. Our goal is to make it easier for architects to understand how countermeasures work, so that they can more effectively design, deploy, and ultimately better defend networked systems.
D3FEND is a framework that provides a countermeasure knowledge base or, more specifically, a knowledge graph. The graph contains semantically rigorous types and relations that define both the key concepts in the cybersecurity countermeasure domain and the relations necessary to link those concepts to each other.
We ground each of the concepts and relations in particular references in the cybersecurity literature. Numerous sources of research and development literature were analyzed, including a targeted sample of over 500 countermeasure patents drawn from the U.S. Patent Office corpus. The graph supports queries that can inferentially map architectural elements to both cybersecurity countermeasures and offensive TTPs.
Talk+Live Q&A at the Western Auditorium in Connected Data World Center