SKOS (Simple Knowledge Organization System) is a widely-used standard for representing knowledge organization systems, such as taxonomies, thesauri, and classification schemes. Here are some of the benefits of using SKOS:
The input text to ChatGPT4 was section III B & C which contained text describing the vocabulary. I crafted a prompt to create a SKOS taxonomy from the text that included the 5 high-level effects and the narrower effects that support them, the 14 specific effects, the impact on risk of all effects, and details about the original NIST source document. The following is the ChatGPT4 response.
@prefix ex: <http://example.org/effects/> .
@prefix skos: <http://www.w3.org/2004/02/skos/core#> .
ex:EffectsVocabulary a skos:ConceptScheme ;
skos:prefLabel "Effects Vocabulary from NIST SP 800-160 Vol 2 Rev 1 (December 2021)" ;
skos:definition "A standardized vocabulary of high-level and specific effects on adversaries,
based on NIST SP 800-160 Vol 2 Rev 1 (December 2021). It is designed for adversary-oriented analysis
and includes impact on risk information for each effect." .
ex:Redirect a skos:Concept ;
skos:prefLabel "Redirect" ;
skos:definition "Divert the adversary's activities to a less harmful or less critical target." ;
skos:narrower ex:Deter, ex:Divert, ex:Deceive ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood" .
ex:Preclude a skos:Concept ;
skos:prefLabel "Preclude" ;
skos:definition "Prevent the adversary from conducting a successful attack." ;
skos:narrower ex:Expunge, ex:Preempt, ex:Negate ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood" .
ex:Impede a skos:Concept ;
skos:prefLabel "Impede" ;
skos:definition "Hinder the adversary's ability to conduct an attack." ;
skos:narrower ex:Contain, ex:Degrade, ex:Delay, ex:Exert ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood" .
ex:Limit a skos:Concept ;
skos:prefLabel "Limit" ;
skos:definition "Reduce the impact of a successful attack." ;
skos:narrower ex:Shorten, ex:Reduce ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases impact" .
ex:Expose a skos:Concept ;
skos:prefLabel "Expose" ;
skos:definition "Reveal the adversary's activities to better prepare defenders for future attacks." ;
skos:narrower ex:Detect, ex:Reveal, ex:Scrutinize ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood and impact" .
# The specific effects concepts are defined here, with their relationships to the high-level effects concepts
ex:Deter a skos:Concept ;
skos:prefLabel "Deter" ;
skos:definition "Discourage adversaries from attempting an attack through threats or other means of dissuasion." ;
skos:broader ex:Redirect ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood" .
ex:Divert a skos:Concept ;
skos:prefLabel "Divert" ;
skos:definition "Channel adversaries away from high-value targets by creating false targets or deception." ;
skos:broader ex:Redirect ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood" .
ex:Deceive a skos:Concept ;
skos:prefLabel "Deceive" ;
skos:definition "Mislead adversaries into taking ineffective or suboptimal actions." ;
skos:broader ex:Redirect ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood" .
ex:Expunge a skos:Concept ;
skos:prefLabel "Expunge" ;
skos:definition "Eradicate adversaries from the system or network entirely." ;
skos:broader ex:Preclude ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood" .
ex:Preempt a skos:Concept ;
skos:prefLabel "Preempt" ;
skos:definition "Actively counter adversary activities before they can cause harm." ;
skos:broader ex:Preclude ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood" .
ex:Negate a skos:Concept ;
skos:prefLabel "Negate" ;
skos:definition "Neutralize the adversary's ability to exploit a vulnerability or conduct an attack." ;
skos:broader ex:Preclude ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood" .
ex:Contain a skos:Concept ;
skos:prefLabel "Contain" ;
skos:definition "Restrict the adversary's movement or access within a system or network." ;
skos:broader ex:Impede ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood" .
ex:Degrade a skos:Concept ;
skos:prefLabel "Degrade" ;
skos:definition "Reduce the adversary's capabilities or the effectiveness of their tools and techniques." ;
skos:broader ex:Impede ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood" .
ex:Delay a skos:Concept ;
skos:prefLabel "Delay" ;
skos:definition "Slow down the adversary's progress or actions, buying time for defenders to respond." ;
skos:broader ex:Impede ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood" .
ex:Exert a skos:Concept ;
skos:prefLabel "Exert" ;
skos:definition "Apply pressure on the adversary, forcing them to expend more resources or take less desirable actions." ;
skos:broader ex:Impede ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood" .
ex:Shorten a skos:Concept ;
skos:prefLabel "Shorten" ;
skos:definition "Reduce the duration of a successful attack, limiting the adversary's ability to cause damage." ;
skos:broader ex:Limit ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases impact" .
ex:Reduce a skos:Concept ;
skos:prefLabel "Reduce" ;
skos:definition "Diminish the extent or severity of the
consequences resulting from a successful attack." ;
skos:broader ex:Limit ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases impact" .
ex:Detect a skos:Concept ;
skos:prefLabel "Detect" ;
skos:definition "Identify adversary activities, enabling defenders to respond more effectively." ;
skos:broader ex:Expose ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood and impact" .
ex:Reveal a skos:Concept ;
skos:prefLabel "Reveal" ;
skos:definition "Uncover information about the adversary's tactics, techniques, and procedures." ;
skos:broader ex:Expose ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood and impact" .
ex:Scrutinize a skos:Concept ;
skos:prefLabel "Scrutinize" ;
skos:definition "Examine and analyze the adversary's activities in detail to improve defensive capabilities." ;
skos:broader ex:Expose ;
skos:inScheme ex:EffectsVocabulary ;
skos:note "Impact on Risk: Decreases likelihood and impact" .
I then asked it if it could use the SKOS taxonomy to generate a network diagram in Mermaid.js notation.
To generate a diagram from this notation, you can copy and paste this code into the Mermaid Live Editor (https://mermaid-js.github.io/mermaid-live-editor/). This will produce the following diagram:
I have to say I'm pretty impressed with ChatGPT's ability to generate the above just from the text contained in my blog post about the effects vocabulary. I'm excited for what this means for domain experts who might not need to enlist the expertise of a Knowledge Engineers or Ontologists to quickly capture domain specific knowledge.