Analysis of Approaches to the Implementation of the Knowledge Management Life Cycle in Intelligent Cyber Defense Systems

Authors

  • V. V. Fesokha Kruty Heroes Military Institute of Telecommunications and Information Technology, Kyiv
  • V. S. Lehkobyt Kruty Heroes Military Institute of Telecommunications and Information Technology, Kyiv
  • R. G. Cherniavskyi Central Research Institute of the Armed Forces of Ukraine, Kyiv
  • S. O. Romanenko Kruty Heroes Military Institute of Telecommunications and Information Technology, Kyiv

DOI:

https://doi.org/10.31649/1997-9266-2025-181-4-95-107

Keywords:

knowledge management, intelligent cyber defense systems, artificial intelligence, information and communication systems, cyber threats, cyber resilience

Abstract

The article investigates the task of effective knowledge management in intelligent cyber defense systems in order to enhance their ability to detect, interpret and prevent modern cyber threats. It is substantiated that a high level of adaptability and situational awareness can be achieved only if the full knowledge management life cycle is implemented, comprising the stages of extraction, integration, organization, application and updating.

A comparative analysis of modern approaches to the implementation of the key phases of knowledge management in intelligent cyber defense systems is carried out. Particular attention is paid to approaches to the organization of knowledge, such as ontological modeling, knowledge graphs, production rules, frames, neural network structures and semantic networks. Relevant knowledge representation languages, threat information exchange protocols, and knowledge mining tools are considered. The results show that none of the approaches under consideration fully meets the defined criteria for effective knowledge management, namely structuredness, relevance, interpretability, scalability, flexibility, computational efficiency, and transparency of decision-making. Accordingly, the case is made for a hybrid knowledge management architecture that combines the advantages of the different approaches.

A functional scheme is proposed that integrates an ontological core with modules for self-learning, automatic rule generation, verification, and feedback. The approach provides end-to-end processing of knowledge, from extraction to practical application in the form of informed decisions in real time. This creates the basis for a new generation of intelligent cyber defense systems capable of self-improvement and of a resilient response to threats in a dynamic cyber environment.
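The life cycle described above (extraction, integration, organization, application, updating) and the hybrid scheme of an ontological core plus rule application and feedback can be made concrete in a small script. The following is an added illustration written for this page; it is not code from the article or its authors. It assumes a constructed STIX 2.1-style bundle (fictitious indicators, an ATT&CK technique reference, and an "indicates" relationship), a simple in-memory graph standing in for the ontological core, one production rule, and an analyst feedback step that adjusts indicator confidence. All function names are hypothetical.

```python
"""Added example: one pass through a knowledge management loop for cyber defense.
Extraction (STIX patterns) -> integration/organization (graph) -> application
(production rule with an explainable path) -> updating (analyst feedback)."""
import json
import re

# Constructed sample bundle; identifiers, domain and address are fictitious.
SAMPLE_STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--a1", "name": "Example C2 domain",
         "pattern": "[domain-name:value = 'c2.example.invalid']",
         "pattern_type": "stix", "confidence": 80},
        {"type": "indicator", "id": "indicator--a2", "name": "Low-confidence scanner",
         "pattern": "[ipv4-addr:value = '198.51.100.7']",
         "pattern_type": "stix", "confidence": 30},
        {"type": "attack-pattern", "id": "attack-pattern--t1071",
         "name": "Application Layer Protocol",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1071"}]},
        {"type": "relationship", "id": "relationship--r1", "relationship_type": "indicates",
         "source_ref": "indicator--a1", "target_ref": "attack-pattern--t1071"},
    ],
})

# Only simple equality comparisons in STIX patterns are handled by this example.
STIX_EQ_PATTERN = re.compile(r"\[([\w:-]+)\s*=\s*'([^']*)'\]")

# Maps an event field to the STIX observable it should be compared with.
EVENT_FIELD_TO_OBSERVABLE = {"dns_query": "domain-name:value", "dst_ip": "ipv4-addr:value"}


class KnowledgeGraph:
    """Minimal stand-in for the ontological core: typed nodes and labelled edges."""

    def __init__(self):
        self.nodes = {}   # node id -> attribute dict
        self.edges = []   # (source id, relationship type, target id)

    def add_node(self, node_id, **attrs):
        self.nodes.setdefault(node_id, {}).update(attrs)

    def add_edge(self, src, rel, dst):
        self.edges.append((src, rel, dst))

    def out(self, node_id, rel):
        return [d for s, r, d in self.edges if s == node_id and r == rel]


def extract_indicators(bundle_json):
    """Extraction: turn each indicator's STIX pattern into (observable, value)."""
    found = []
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        match = STIX_EQ_PATTERN.fullmatch(obj["pattern"].strip())
        if match:
            found.append({"id": obj["id"], "observable": match.group(1),
                          "value": match.group(2), "confidence": obj.get("confidence", 50)})
    return found


def integrate(bundle_json, graph=None):
    """Integration/organization: load objects and relationships into the graph."""
    graph = KnowledgeGraph() if graph is None else graph
    for obj in json.loads(bundle_json)["objects"]:
        if obj["type"] == "relationship":
            graph.add_edge(obj["source_ref"], obj["relationship_type"], obj["target_ref"])
        else:
            graph.add_node(obj["id"], **{k: v for k, v in obj.items() if k != "id"})
    for ind in extract_indicators(bundle_json):
        graph.add_node(ind["id"], observable=ind["observable"], value=ind["value"])
    return graph


def apply_rules(graph, event, min_confidence=50):
    """Application: IF an event field equals an indicator value AND confidence >= threshold
    THEN alert, citing the ATT&CK technique(s) reached over 'indicates' edges."""
    alerts = []
    for field_name, observable in EVENT_FIELD_TO_OBSERVABLE.items():
        if field_name not in event:
            continue
        for node_id, attrs in graph.nodes.items():
            if attrs.get("type") != "indicator" or attrs.get("observable") != observable:
                continue
            if attrs.get("value") != event[field_name] or attrs.get("confidence", 50) < min_confidence:
                continue
            techniques = [ref["external_id"]
                          for ap_id in graph.out(node_id, "indicates")
                          for ref in graph.nodes.get(ap_id, {}).get("external_references", [])
                          if ref.get("source_name") == "mitre-attack"]
            alerts.append({"indicator": node_id, "matched": f"{field_name}={event[field_name]}",
                           "techniques": techniques, "confidence": attrs["confidence"],
                           "explanation": f"{node_id} --indicates--> {techniques}"})
    return alerts


def apply_feedback(graph, alert, verdict, step=30):
    """Updating: an analyst verdict moves the indicator's confidence; repeated false
    positives push it below the rule threshold so the rule stops firing on it."""
    node = graph.nodes[alert["indicator"]]
    delta = step if verdict == "true_positive" else -step
    node["confidence"] = max(0, min(100, node.get("confidence", 50) + delta))
    return node["confidence"]


if __name__ == "__main__":
    g = integrate(SAMPLE_STIX_BUNDLE)
    event = {"dns_query": "c2.example.invalid", "src": "10.0.0.5"}  # constructed event
    for a in apply_rules(g, event):
        print("ALERT", a["matched"], a["explanation"])
        apply_feedback(g, a, "false_positive")
```

The explanation string in each alert is the interpretability requirement from the abstract in its smallest form: the analyst sees which knowledge-graph path produced the decision, and the feedback step closes the loop by changing the knowledge the rule reads on the next pass rather than the rule itself.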

Author Biographies

V. V. Fesokha, Kruty Heroes Military Institute of Telecommunications and Information Technology, Kyiv

PhD, Associate Professor, Post-Doctoral Researcher of the Department of Scientific and Organizational

V. S. Lehkobyt, Kruty Heroes Military Institute of Telecommunications and Information Technology, Kyiv

Adjunct of the Department of Scientific and Organizational

R. G. Cherniavskyi, Central Research Institute of the Armed Forces of Ukraine, Kyiv

Senior Research Fellow

S. O. Romanenko, Kruty Heroes Military Institute of Telecommunications and Information Technology, Kyiv

Lecturer of the Chair of Computer Information Technologies

Published

2025-08-29

How to Cite

[1]
V. V. Fesokha, V. S. Lehkobyt, R. G. Cherniavskyi, and S. O. Romanenko, “Analysis of Approaches to the Implementation of the Knowledge Management Life Cycle in Intelligent Cyber Defense Systems”, Вісник ВПІ, no. 4, pp. 95–107, Aug. 2025.

Section

Information technologies and computer sciences
