Ontology-Driven Cyber-Security Threat Assessment Based on Sentiment Analysis of Network Activity Data

Sentiment analysis is gaining acceptance as a tool for automated understanding of consumer attitudes and preferences. Based on well-designed rule sets that describe how most people express their sentiments, sentiment analysis models enable automated processes to understand human responses. In this paper, we describe our vision of extending sentiment analysis to the novel domain of cyber-security. Our proposal combines: 1) ontological modeling of attacks, defenses, and attacker goals; 2) sentiment analysis of combinations of elements indicative of probable attacks; and 3) semantic reconciliation of borderline cases to more definitively classify ambiguous network activity as threatening or innocuous. This method has achieved good results (86% correct) in assessing consumer sentiments, and we believe that more detailed models can improve on this accuracy even in the complex domain of cyber-security.