Symbol | Category | Description |
---|---|---|
Event | Class | Event type (of all possible events) |
Subject | Class | Subject type (of all possible subjects) |
Object | Class | Object type (of all possible objects) |
Action | Class | Action type (of all possible actions) |
\(subject: Event^{\mathcal {I}} \longrightarrow Subject^{\mathcal {I}}\) | Function | Determines the subject of an event |
\(object: Event^{\mathcal {I}} \longrightarrow Object^{\mathcal {I}}\) | Function | Determines the object of an event |
\(action: Event^{\mathcal {I}} \longrightarrow \{R, W\}\) | Function | Determines the action of an event |
\(time: Event^{\mathcal {I}} \longrightarrow {\mathbb {N}}\) | Function | Determines the timestamp of an event |
\(\sim\) | Relation | Event relation |
\(ES \subseteq Event^{\mathcal {I}}\) | Set | Suspicious event set |
\(SP \subseteq Event^{\mathcal {I}}\) | Set | Set of all unauthorized events |
\(I: Event^{\mathcal {I}} \longrightarrow Event^{\mathcal {I}}\) | Function | Effect function |
\(\sqsubseteq\) | Relation | Subsumption relation |
\(\xrightarrow {partOf}\) | Relation | Part of relation |
W | Individual | Abbr. of Write |
R | Individual | Abbr. of Read |
\(\nu _i\) | Set | Attack vector |
\(\nu\) | Set | Set of all attack vectors |
\(f:Event \times {\mathbb {N}} \rightarrow {\mathbb {N}}\) | Function | Specifies the number of events in a specific event set which have a specific timestamp |
\(me:Subject^{\mathcal {I}} \longrightarrow {\mathcal {P}}(Object^{\mathcal {I}})\) | Function | Determines the memory of a specific subject |
\(ma:Subject^{\mathcal {I}} \longrightarrow {\mathcal {P}}(Object^{\mathcal {I}})\) | Function | Determines the objects that are changed by a specific subject |
\(\Delta : {\mathcal {P}}(E) \rightarrow {\mathcal {P}}(E)\) | Function | Abstracting function |
WE | Set | Set of events |
AE | Set | Set of abstracted events |
APT | Abbreviation | Advanced Persistent Threat |
SWRL | Abbreviation | Semantic Web Rule Language |
IPC | Abbreviation | Inter-Process Communication |
DLP | Abbreviation | Data Loss Prevention |
OWL | Abbreviation | Ontology Web Language |
DL | Abbreviation | Description Logic |
IDMEF | Abbreviation | Intrusion Detection Message Exchange Format |
SANSA | Abbreviation | Scalable Semantic Analytics Stack |
ROC | Abbreviation | Receiver Operating Characteristic |
SSDT | Abbreviation | System Service Dispatch Table |