Table 16 List of the symbols used in the paper

| Symbol | Category | Description |
| --- | --- | --- |
| Event | Class | Event type (of all possible events) |
| Subject | Class | Subject type (of all possible subjects) |
| Object | Class | Object type (of all possible objects) |
| Action | Class | Action type (of all possible actions) |
| $$subject: Event^{\mathcal {I}} \longrightarrow Subject^{\mathcal {I}}$$ | Function | Determines the subject of an event |
| $$object: Event^{\mathcal {I}} \longrightarrow Object^{\mathcal {I}}$$ | Function | Determines the object of an event |
| $$action: Event^{\mathcal {I}} \longrightarrow \{R, W\}$$ | Function | Determines the action of an event |
| $$time: Event^{\mathcal {I}} \longrightarrow {\mathbb {N}}$$ | Function | Determines the timestamp of an event |
| $$\overset{}{\sim }$$ | Relation | Event relation |
| $$ES \subseteq Event^{\mathcal {I}}$$ | Set | Suspicious event set |
| $$SP \subseteq Event^{\mathcal {I}}$$ | Set | Set of all unauthorized events |
| $$I: Event^{\mathcal {I}} \longrightarrow Event^{\mathcal {I}}$$ | Function | Effect function |
| $$\sqsubseteq$$ | | Subsumption |
| $$\xrightarrow {partOf}$$ | Relation | Part of relation |
| W | Individual | Abbr. of Write |
| R | Individual | |
| $$\nu _i$$ | Set | Attack vector |
| $$\nu$$ | Set | Set of all attack vectors |
| $$f:Event \times {\mathbb {N}} \rightarrow {\mathbb {N}}$$ | Function | Specifies the number of events in a specific event set which have a specific timestamp |
| $$me:Subject^{\mathcal {I}} \longrightarrow {\mathcal {P}}(Object^{\mathcal {I}})$$ | Function | Determines the memory of a specific subject |
| $$ma:Subject^{\mathcal {I}} \longrightarrow {\mathcal {P}}(Object^{\mathcal {I}})$$ | Function | Determines the objects that are changed by a specific subject |
| $$\Delta : {\mathcal {P}}(E) \rightarrow {\mathcal {P}}(E)$$ | Function | Abstracting function |
| WE | Set | Set of events |
| AE | Set | Set of abstracted events |
| APT | | |
| SWRL | | Abbr. of Semantic Web Rule Language |
| IPC | | Abbr. of Inter-Process Communication |
| DLP | | Abbr. of Data Loss Prevention |
| OWL | | Abbr. of Ontology Web Language |
| DL | | Abbr. of Description Logic |
| IDMEF | | Abbr. of Intrusion Detection Message Exchange Format |
| SANSA | | Abbr. of Scalable Semantic Analytics Stack |
| ROC | | |