Skip to main content Link Menu Expand (external link) Document Search Copy Copied
AEO

About AEO

Adversary Engagement Ontology (AEO) is an application ontology of the Unified Cyber Ontology that focuses on defining and standardizing the information representation of adversary engagement in the cyber domain. Adversary engagement is the strategic use of denial and deception tactics aimed at increasing the cost and decreasing the value of an adversary’s cyber operations [MITRE ENGAGE™]. The goals of adversary engagement can include detecting adversaries on a network, eliciting intelligence about them, or affecting them by raising the cost and lowering the value of their cyber operations.

AEO aims to standardize and improve consistency of adversary engagement operations planning, to standardize and simplify the documentation and transmission of the deployment configuration of cyber adversary engagement tools and techniques, and to standardize and simplify the monitoring, analysis and reporting of adversary engagement operations. This helps to ensure a consistent and efficient approach to adversary engagement across different organizations and domains. The standardization provided by AEO enables better collaboration and sharing of information among stakeholders, leading to more effective adversary engagement. Basing the foundation of AEO in the Unified Cyber Ontology ecosystem also improves the ease and consistency of integrated data flows between as well as analysis across the Adversary Engagement domain and other cyber application domains

Use cases

The Adversary Engagement Ontology (AEO) serves several purposes:

  • It provides a systematic approach for the development, representation, and management of concepts and categories within the domain of cyber adversary engagement.
  • It fosters a shared understanding of concepts and their relationships in Adversary Engagement, which can be utilized for communication, reasoning, and decision-making in forensic analysis.
  • Scholars, researchers, and academicians can utilize AEO to define AE concepts, establish relationships between them, and organize them into a structured framework.
  • Practitioners and vendors can leverage AEO to configure deployments and set up the necessary tools for risk mitigation.

Objectives

  1. The Adversary Engagement Ontology (AEO) aims to establish an application ontology within the Unified Cyber Ontology (UCO) ecosystem that incorporates and expands upon the foundational concepts found in MITRE’s open-source ENGAGE™ and ATT&CK™ knowledge frameworks. The ultimate goal is to advance the field of cyber adversary engagement by exploring new avenues, including the interactions between smart agents and the implementation of decoy and obfuscated data.
  2. The Adversary Engagement Ontology (AEO) endeavors to bring together a diverse and inclusive community of stakeholders, comprising members from academia, government, non-profit, and for-profit organizations, to actively participate in the development, implementation, and sustained support of the Adversary Engagement (AE) sub-ontology.

Scope

The Adversary Engagement Ontology (AEO) focuses on the subject matter pertaining to engaging with adversaries. Drawing upon concepts from the Unified Cyber Ontology (UCO), MITRE ATT&CK™, and MITRE ENGAGE™, the AEO selectively incorporates relevant concepts and categories. The AEO is focused on concepts that are directly related to adversary engagement and does not aim to be all-inclusive.

While the concepts and objects in the AEO are focused on adversary engagement, there are some areas of overlap with other cyber application domains such as Cyber Threat Intelligence (CTI), Security Operations, etc. Ideally, any concept should be defined and managed within its primary domain ontology. For concepts required by AE that are not primary to AE and do not yet have definition within their primary domain, AEO may provide temporary local definitions and offer them as submitted recommendations to the primary domain ontology community. Once these concepts have formal definitions within the primary domain ontologies AEO will deprecate the local definitions and adopt the primary ontology definitions.

If not familiar with ontologies, the Ontology Components Wikipedia page, OWL2 primer, and Ontology 101 document will help create a conceptual foundation that will enable better communication with the community/teams and clarify the connected parts present between the ontology’s specification (structure/design), it’s content (vocabulary, encoded in Turtle or other formats), and the Python API (usage of the defined vocabulary to create validated objects for import/export into JSON-LD).

Table of contents

This software was produced for the U.S. Government under contract FA8702-22-C-0001, and is subject to the Rights in Data-General Clause 52.227-14, Alt. IV (DEC 2007) C2023 The MITRE Corporation. All Rights Reserved. Released under MITRE PRS 18-4297, and under the Cyber Domain Ontology project's Apache 2 license.


Adversary Engagement Ontology