Table 16 List of the symbols used in the paper

From: Big knowledge-based semantic correlation for detecting slow and low-level advanced persistent threats

| Symbol | Category | Description |
|---|---|---|
| Event | Class | Event type (of all possible events) |
| Subject | Class | Subject type (of all possible subjects) |
| Object | Class | Object type (of all possible objects) |
| Action | Class | Action type (of all possible actions) |
| \(subject: Event^{\mathcal {I}} \longrightarrow Subject^{\mathcal {I}}\) | Function | Determines the subject of an event |
| \(object: Event^{\mathcal {I}} \longrightarrow Object^{\mathcal {I}}\) | Function | Determines the object of an event |
| \(action: Event^{\mathcal {I}} \longrightarrow \{R, W\}\) | Function | Determines the action of an event |
| \(time: Event^{\mathcal {I}} \longrightarrow {\mathbb {N}}\) | Function | Determines the timestamp of an event |
| \(\overset{}{\sim }\) | Relation | Event relation |
| \(ES \subseteq Event^{\mathcal {I}}\) | Set | Suspicious event set |
| \(SP \subseteq Event^{\mathcal {I}}\) | Set | Set of all unauthorized events |
| \(I: Event^{\mathcal {I}} \longrightarrow Event^{\mathcal {I}}\) | Function | Effect function |
| \(\sqsubseteq\) |  | Subsumption |
| \(\xrightarrow {partOf}\) | Relation | Part-of relation |
| W | Individual | Abbr. of Write |
| R | Individual | Abbr. of Read |
| \(\nu _i\) | Set | Attack vector |
| \(\nu\) | Set | Set of all attack vectors |
| \(f:Event \times {\mathbb {N}} \rightarrow {\mathbb {N}}\) | Function | Specifies the number of events in a specific event set which have a specific timestamp |
| \(me:Subject^{\mathcal {I}} \longrightarrow {\mathcal {P}}(Object^{\mathcal {I}})\) | Function | Determines the memory of a specific subject |
| \(ma:Subject^{\mathcal {I}} \longrightarrow {\mathcal {P}}(Object^{\mathcal {I}})\) | Function | Determines the objects that are changed by a specific subject |
| \(\Delta : {\mathcal {P}}(E) \rightarrow {\mathcal {P}}(E)\) | Function | Abstracting function |
| WE | Set | Set of events |
| AE | Set | Set of abstracted events |
| APT |  | Abbr. of Advanced Persistent Threat |
| SWRL |  | Abbr. of Semantic Web Rule Language |
| IPC |  | Abbr. of Inter-Process Communication |
| DLP |  | Abbr. of Data Loss Prevention |
| OWL |  | Abbr. of Ontology Web Language |
| DL |  | Abbr. of Description Logic |
| IDMEF |  | Abbr. of Intrusion Detection Message Exchange Format |
| SANSA |  | Abbr. of Scalable Semantic Analytics Stack |
| ROC |  | Abbr. of Receiver Operating Characteristic |
| SSDT |  | System service dispatch table |