To develop and promote the adoption of a community-developed ecosystem for standardized information representation across the cyber domain

We are always looking for more contributors and adopters.

Cyber Domain Ontology

The mission of the Project is to develop and promote the adoption of a community-developed ecosystem for standardized information representation across the cyber domain, based on the Unified Cyber Ontology (UCO), including application domain ontologies such as the Cyber-investigation Analysis Standard Expression (CASE). The Cyber Domain Ontology (CDO) is intended to serve the needs of a broad range of domains, including cyber-investigation, digital forensics, incident response, cyber risk management, supply chain security, threat intelligence, and computer/network protection.

UCO serves as a foundation for modeling cyber domain concepts and elements using a standardized representation that is both human-understandable and machine-interpretable. The primary motivation for UCO is to establish a middle domain ontology that supports information representations for related application domain ontology communities, defined as context-specific extensions within the consistent overall Cyber Domain Ontology ecosystem. Through this approach, domain-focused representations are not only defined consistently but can also take advantage of shared APIs and tooling, and information can flow in an automated fashion across application domain boundaries.

CASE, which aligns with and extends UCO, is an evolving standard for representing information commonly analyzed and exchanged during investigations involving digital evidence. The primary motivation for CASE is to lessen the analytic burden of cyber investigators by providing a common language to support automated interoperability, normalization, combination and validation of varied information sources to facilitate analysis and exploration of investigative questions. In addition to advancing the efficient and accurate exchange of cyber-investigation information between tools and organizations, CASE ensures that analysis results can be traced back to their source(s), keeping track of when, where and who used which tools to perform investigative actions on data sources.