
Using ChatGPT4 to Generate a Cyber Resiliency Effects SKOS Taxonomy and Mermaid Diagram

Today's experiment with ChatGPT4 was seeing how well it could support creating a SKOS taxonomy from text I copied and pasted out of one of my Cybersecurity Science blogs, "A Standardized Vocabulary for Evaluating the Impact of Cyber Defense Decisions on Adversary Behavior", which contains an effects vocabulary from NIST 800-160 Vol 2 Rev 1 dated December 2021.

SKOS (Simple Knowledge Organization System) is a widely-used standard for representing knowledge organization systems, such as taxonomies, thesauri, and classification schemes. Here are some of the benefits of using SKOS:

  • Interoperability: SKOS is a widely recognized and adopted standard, making it easy to share and exchange knowledge organization systems across different applications and platforms. This can improve interoperability and facilitate data integration and reuse.
  • Consistency: SKOS provides a consistent way to represent knowledge organization systems, making it easier to manage and maintain them. This can help ensure that the terminology used is consistent across different applications and systems, improving data quality and reducing errors.
  • Flexibility: SKOS is a flexible standard that can be used to represent a wide range of knowledge organization systems, from simple taxonomies to complex ontologies. This makes it suitable for a wide range of applications, from library and information science to data-driven industries like finance and healthcare.
  • Reusability: SKOS enables the reuse of existing knowledge organization systems, making it easier to build on existing work rather than starting from scratch. This can save time and resources, and improve the accuracy and consistency of knowledge organization.
  • Machine-readability: SKOS is designed to be machine-readable, making it easier to process and analyze knowledge organization systems using software tools. This can enable advanced applications like automated indexing, semantic search, and machine learning.

The input text to ChatGPT4 was sections III B & C, which contained text describing the vocabulary. I crafted a prompt to create a SKOS taxonomy from the text that included the 5 high-level effects and the narrower effects that support them, the 14 specific effects, the impact on risk of all effects, and details about the original NIST source document. The following is the ChatGPT4 response.

@prefix ex: <http://example.org/effects/> .
@prefix skos: <http://www.w3.org/2004/02/skos/core#> .

ex:EffectsVocabulary a skos:ConceptScheme ;
  skos:prefLabel "Effects Vocabulary from NIST SP 800-160 Vol 2 Rev 1 (December 2021)" ;
  skos:definition "A standardized vocabulary of high-level and specific effects on adversaries, based on NIST SP 800-160 Vol 2 Rev 1 (December 2021). It is designed for adversary-oriented analysis and includes impact on risk information for each effect." .

ex:Redirect a skos:Concept ;
  skos:prefLabel "Redirect" ;
  skos:definition "Divert the adversary's activities to a less harmful or less critical target." ;
  skos:narrower ex:Deter, ex:Divert, ex:Deceive ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood" .

ex:Preclude a skos:Concept ;
  skos:prefLabel "Preclude" ;
  skos:definition "Prevent the adversary from conducting a successful attack." ;
  skos:narrower ex:Expunge, ex:Preempt, ex:Negate ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood" .

ex:Impede a skos:Concept ;
  skos:prefLabel "Impede" ;
  skos:definition "Hinder the adversary's ability to conduct an attack." ;
  skos:narrower ex:Contain, ex:Degrade, ex:Delay, ex:Exert ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood" .

ex:Limit a skos:Concept ;
  skos:prefLabel "Limit" ;
  skos:definition "Reduce the impact of a successful attack." ;
  skos:narrower ex:Shorten, ex:Reduce ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases impact" .

ex:Expose a skos:Concept ;
  skos:prefLabel "Expose" ;
  skos:definition "Reveal the adversary's activities to better prepare defenders for future attacks." ;
  skos:narrower ex:Detect, ex:Reveal, ex:Scrutinize ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood and impact" .

# The specific effects concepts are defined here, with their relationships to the high-level effects concepts

ex:Deter a skos:Concept ;
  skos:prefLabel "Deter" ;
  skos:definition "Discourage adversaries from attempting an attack through threats or other means of dissuasion." ;
  skos:broader ex:Redirect ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood" .

ex:Divert a skos:Concept ;
  skos:prefLabel "Divert" ;
  skos:definition "Channel adversaries away from high-value targets by creating false targets or deception." ;
  skos:broader ex:Redirect ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood" .

ex:Deceive a skos:Concept ;
  skos:prefLabel "Deceive" ;
  skos:definition "Mislead adversaries into taking ineffective or suboptimal actions." ;
  skos:broader ex:Redirect ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood" .

ex:Expunge a skos:Concept ;
  skos:prefLabel "Expunge" ;
  skos:definition "Eradicate adversaries from the system or network entirely." ;
  skos:broader ex:Preclude ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood" .

ex:Preempt a skos:Concept ;
  skos:prefLabel "Preempt" ;
  skos:definition "Actively counter adversary activities before they can cause harm." ;
  skos:broader ex:Preclude ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood" .

ex:Negate a skos:Concept ;
  skos:prefLabel "Negate" ;
  skos:definition "Neutralize the adversary's ability to exploit a vulnerability or conduct an attack." ;
  skos:broader ex:Preclude ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood" .

ex:Contain a skos:Concept ;
  skos:prefLabel "Contain" ;
  skos:definition "Restrict the adversary's movement or access within a system or network." ;
  skos:broader ex:Impede ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood" .

ex:Degrade a skos:Concept ;
  skos:prefLabel "Degrade" ;
  skos:definition "Reduce the adversary's capabilities or the effectiveness of their tools and techniques." ;
  skos:broader ex:Impede ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood" .

ex:Delay a skos:Concept ;
  skos:prefLabel "Delay" ;
  skos:definition "Slow down the adversary's progress or actions, buying time for defenders to respond." ;
  skos:broader ex:Impede ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood" .

ex:Exert a skos:Concept ;
  skos:prefLabel "Exert" ;
  skos:definition "Apply pressure on the adversary, forcing them to expend more resources or take less desirable actions." ;
  skos:broader ex:Impede ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood" .

ex:Shorten a skos:Concept ;
  skos:prefLabel "Shorten" ;
  skos:definition "Reduce the duration of a successful attack, limiting the adversary's ability to cause damage." ;
  skos:broader ex:Limit ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases impact" .

ex:Reduce a skos:Concept ;
  skos:prefLabel "Reduce" ;
  skos:definition "Diminish the extent or severity of the consequences resulting from a successful attack." ;
  skos:broader ex:Limit ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases impact" .

ex:Detect a skos:Concept ;
  skos:prefLabel "Detect" ;
  skos:definition "Identify adversary activities, enabling defenders to respond more effectively." ;
  skos:broader ex:Expose ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood and impact" .

ex:Reveal a skos:Concept ;
  skos:prefLabel "Reveal" ;
  skos:definition "Uncover information about the adversary's tactics, techniques, and procedures." ;
  skos:broader ex:Expose ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood and impact" .

ex:Scrutinize a skos:Concept ;
  skos:prefLabel "Scrutinize" ;
  skos:definition "Examine and analyze the adversary's activities in detail to improve defensive capabilities." ;
  skos:broader ex:Expose ;
  skos:inScheme ex:EffectsVocabulary ;
  skos:note "Impact on Risk: Decreases likelihood and impact" .

I then asked it if it could use the SKOS taxonomy to generate a network diagram in Mermaid.js notation. 

graph LR
  subgraph Effects
    Redirect[Redirect]
    Preclude[Preclude]
    Impede[Impede]
    Limit[Limit]
    Expose[Expose]
  end
  subgraph Redirect
    Deter[Deter]
    Divert[Divert]
    Deceive[Deceive]
  end
  subgraph Preclude
    Expunge[Expunge]
    Preempt[Preempt]
    Negate[Negate]
  end
  subgraph Impede
    Contain[Contain]
    Degrade[Degrade]
    Delay[Delay]
    Exert[Exert]
  end
  subgraph Limit
    Shorten[Shorten]
    Reduce[Reduce]
  end
  subgraph Expose
    Detect[Detect]
    Reveal[Reveal]
    Scrutinize[Scrutinize]
  end
  Redirect --> Deter
  Redirect --> Divert
  Redirect --> Deceive
  Preclude --> Expunge
  Preclude --> Preempt
  Preclude --> Negate
  Impede --> Contain
  Impede --> Degrade
  Impede --> Delay
  Impede --> Exert
  Limit --> Shorten
  Limit --> Reduce
  Expose --> Detect
  Expose --> Reveal
  Expose --> Scrutinize

To generate a diagram from this notation, you can copy and paste this code into the Mermaid Live Editor (https://mermaid-js.github.io/mermaid-live-editor/). This will produce the following diagram:


I have to say I'm pretty impressed with ChatGPT's ability to generate the above just from the text contained in my blog post about the effects vocabulary. I'm excited for what this means for domain experts who might not need to enlist the expertise of Knowledge Engineers or Ontologists to quickly capture domain-specific knowledge.
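
A structural check one could run on LLM-generated SKOS like the response above before relying on it, as an added example that is not part of the original post or of ChatGPT's output. It flags concepts that lack skos:inScheme or whose asserted skos:broader and skos:narrower links disagree, and it derives the Mermaid edges from skos:narrower. Assumptions: the function names are made up here, the regex reader only understands the Turtle shape shown on this page, and the sample is constructed, with ex:Reduce deliberately broken.

```python
import re

# Constructed sample in the page's Turtle shape; ex:Reduce is deliberately broken.
SAMPLE_TTL = """
ex:Limit a skos:Concept ;
  skos:narrower ex:Shorten, ex:Reduce ;
  skos:inScheme ex:EffectsVocabulary .

ex:Shorten a skos:Concept ;
  skos:broader ex:Limit ;
  skos:inScheme ex:EffectsVocabulary .

ex:Reduce a skos:Concept ;
  skos:prefLabel "Reduce" .
"""

def parse_concepts(ttl):
    """Read blank-line-separated 'ex:Name a skos:Concept' blocks (not a general Turtle parser)."""
    concepts = {}
    for block in re.split(r"\n\s*\n", ttl.strip()):
        head = re.match(r"ex:(\w+)\s+a\s+skos:Concept\b", block)
        if head:  # the ConceptScheme block and comment lines are skipped
            props = {"narrower": set(), "broader": set(), "inScheme": set()}
            for pred, objs in re.findall(r"skos:(narrower|broader|inScheme)\s+([^;\n]+)", block):
                props[pred].update(re.findall(r"ex:(\w+)", objs))
            concepts[head.group(1)] = props
    return concepts

def check(concepts, scheme="EffectsVocabulary"):
    """Return a sorted list of structural problems in the asserted hierarchy."""
    issues = []
    for name, p in concepts.items():
        if scheme not in p["inScheme"]:
            issues.append(f"{name}: missing skos:inScheme ex:{scheme}")
        for pred, inverse in (("broader", "narrower"), ("narrower", "broader")):
            for other in p[pred]:
                if other not in concepts:
                    issues.append(f"{name}: {pred} ex:{other} is not defined")
                elif name not in concepts[other][inverse]:
                    issues.append(f"{name}: ex:{other} lacks reciprocal skos:{inverse}")
    return sorted(issues)

def mermaid_edges(concepts):
    """Derive diagram edges from skos:narrower so the diagram cannot drift from the taxonomy."""
    return [f"  {n} --> {c}" for n, p in sorted(concepts.items()) for c in sorted(p["narrower"])]

if __name__ == "__main__":
    parsed = parse_concepts(SAMPLE_TTL)
    print("\n".join(check(parsed)) or "hierarchy is consistent")
    print("graph LR\n" + "\n".join(mermaid_edges(parsed)))
```

SKOS treats skos:broader and skos:narrower as inverses, so a missing reciprocal is not invalid by itself; in generated output it is a cue that a concept was dropped or misplaced.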

