Ontology of Cyber Security of Self-Recovering Smart GRID

Sergei A. Petrenko
Information Security Department
Saint Petersburg Electrotechnical University (LETI)
St. Petersburg, Russia
s.petrenko@rambler.ru

Krystina A. Makoveichuk
Department of Informatics and Information Technologies
Vernadsky Crimean Federal University
Yalta, Russia
christin2003@yandex.ru

Abstract—The article describes the modern Smart Grid from the standpoint of providing resistance to negative impacts, preventing them, and quickly restoring functions after accidents in accordance with the requirements of energy security. To implement this goal, the developed ontology of cyber-security of self-recovering Smart Grids has been proposed for implementation. A critical analysis is given of approaches and methods to ensure the sustainability of the functioning of power systems in the event of their destabilization. The ideology of sustainability of Smart Grid power systems on the basis of immunity was developed and a scheme for the formation of immunity for disturbances was proposed.

Keywords—Smart Grid; ontology; self-recovery; immunity; cyber-security.

I. INTRODUCTION

Currently, in a number of developed countries, the technology of intelligent power grids, Smart Grid (active-adaptive intelligent network), is widely used to deliver electricity to the consumer using modern digital technologies.

Smart Grid technologies, when implemented in energy systems, both existing and newly designed, can provide the required innovative properties of the systems. Thanks to Smart Grid, energy saving is provided, costs are reduced, and network reliability and transparency of the management process are increased. To implement large-scale programs for transforming electric grids into intelligent ones and developing appropriate standard solutions, the world's largest companies have established the Smart Energy Alliance. It includes GE Energy (General Electric), Capgemini, Cisco Systems, Siemens, HP, Intel, SAP AG, Oracle, and others [1]. However, modern power systems, which are complex distributed heterogeneous systems, do not possess the required stability for targeted operation in the current and anticipated information confrontation, because of the high complexity of construction and the potential danger of undeclared functioning of equipment and system-wide software, including hypervisors of the enemy. The relevance of the development of the cyber-security ontology for self-recovering Smart Grid is explained by the need to create an intelligent system for ensuring the sustainability of "smart" energy systems in the context of information countermeasures.

II. PROBLEMS OF RESTORING THE SUSTAINABILITY OF THE SMART GRID

Today, the most significant projects to create power grids based on the Smart Grid are carried out in the USA and Russia, in the countries of the European Union, as well as in Canada, Australia, China and Korea. In the last decade, various models have been developed to assess the readiness of electrical networks to convert to intelligent levels of Smart Grid technologies.

The first model was developed on the basis of the widely used software industry maturity model (Maturity Model), led by IBM, in 2007. As the utility industry embarks on the transformation of the outdated power grid to the new smart grid, it has to develop a shared vision for the smart grid end-state and the path to its development and deployment. The smart grid maturity model (SGMM) presents a conception of the smart grid, the benefits it can bring and the various levels of development. SGMM is helping numerous utilities worldwide develop targets for their smart grid strategy, and build roadmaps of the activities, investments and best practices that will lead them to their future smart grid state. IBM worked closely with members of the Intelligent Utility Network Coalition (IUNC) to develop, discuss and revise several drafts of the SGMM. Also, this team was assisted by APQC, a member-based nonprofit organization that provides benchmarking and best-practice research for approximately 500 organizations worldwide [2].

This model was brought to practical use by programmers from the Carnegie Mellon University, SEI (Software Engineering Institute). The Carnegie Mellon Software Engineering Institute governed the SGMM model, working in conjunction with Carnegie Mellon University and the Carnegie Mellon Electricity Industry Center. Then, the institute leveraged its 20 years of experience gained in working out the Capability Maturity Model Integration (CMMI).

In Russia, since 2011, a large-scale project to create an intelligent power system with an active-adaptive network (IPS AAN) has been under implementation.

Expert working groups led by the Architectural Committee at the Scientific and Technical Council of JSC FGC UES and the Russian Academy of Sciences (RAS) developed the main provisions and approaches to the creation of a reference architecture of the said intellectual power system. As part of the implementation of this project in the UES of the East for the period until 2014 with the prospect of up to 2020, the IPS AAN polygon was created, which is a complex of software and hardware that forms the environment for supporting the development of IPS AAN solutions.

The main purpose of the Polygon is to support the implementation of projects in the field of intellectual energy (Smart Grid) at all stages of the life cycle of these projects, as well as the implementation of a unique "ecosystem" that contributes to the sustainable innovation development of the power grid complex of the Russian Federation.

It is significant that the key element of these projects is the creation of the future Smart Grid energy systems and the development of the following two new capabilities:

• Resistance to negative impacts: the availability of special methods for ensuring sustainability and survivability, reducing the physical and information vulnerability of all components of the energy system and contributing to both prevention and rapid recovery from accidents in accordance with energy security requirements [3];

• Self-recovery in emergency situations: the power system and its elements should be able to maintain their technical condition continuously in an efficient state by identifying and analyzing situations and switching from management upon the occurrence of a situation to preventive (warning) management. A self-recovering power system should minimize disruptions (disturbances) as far as possible with the help of an intelligent control system, including its most important component - the subsystem of cyber security.

Thus, an intelligent grid based on Smart Grid should be proactive in relation to changing operational conditions and monitor impending technical problems before they can adversely affect its safety and the sustainability of the operation as a whole. Therefore, the components of the designed intellectual subsystems of cybersecurity should include the appropriate components of containment, prevention, detection, neutralization and self-recovery.

• Multi-agent systems for coordinating control systems using a transient regimes monitoring system (RTMS) and FACTS devices, self-recovery of district power plants;

• Artificial intelligence, including neural networks for solving problems of identification and management; expert systems for training and conducting training, early detection and localization of emergency and pre-emergency regimes;

• Adaptive vector control of flexible AC systems for primary and secondary automatic control of voltage and reactive power, optimization of power modes;

• Adaptive automatic control for renewable energy sources, including wind, tidal, solar, and in the future, space solar power plants;

• Intellectual cybersecurity, capable of providing the required stability of the future Smart Grid energy systems in the context of information confrontation, etc.

III. ONTOLOGY OF CYBERSECURITY

One of the special issues of computer science and artificial intelligence is ontology.

In intellectual grids based on Smart Grid, it is advisable to use ontology (meta-ontology) of cyber-security as a way of representing knowledge about qualitative characteristics and quantitative patterns of information confrontation [1].

The ontology of cybersecurity, according to Thomas Gruber, is a certain specification of the conceptualization of the subject area of information confrontation [4, 5].

Previously, questions of ontological modeling and artificial intelligence were considered by T. Gruber, N. Guarino, D. Oberle, and others, and in Russia by G. S. Pospelov, D. A. Pospelov, E. V. Popov, L. S. Mussel, A. S. Kleshchev, I. L. Artemyeva, T. N. Vorozhtsova, D. N. Biryukov, I. V. Kotenko, A. G. Lomako, and many others [3, 6-16, 17, 18]. Presently, knowledge models are known in the form of frame systems, semantic networks and production systems. Frame systems and semantic networks allow us to describe the structure of objects in the domain and the relationships between them. Production systems (rules) are used to represent knowledge of the domain in the form of "if-then" statements. On the basis of these models, various knowledge representation languages have been developed, which are the input languages for some universal shells and expert systems.

The works of A. S. Kleschev and I. L. Artemieva [11] formulate the main methodological principles for determining the ontology of the subject area.

1) On the substantive level, ontology is understood to mean the totality of agreements (definitions of terms of the subject domain, their interpretation, statements that limit the possible meaning of these terms, as well as the interpretation of these statements). Unlike empirical knowledge, these agreements cannot be refuted by empirical observations.

2) Ontology, conceptualization, knowledge and reality must be modeled by a single mathematical construction.

3) An explicit correspondence must be established between the properties of the subject domains and the elements of this mathematical construction.

4) The ontology model of each subject area should contain both formal elements and their meaningful interpretation in terms understandable to specialists of this subject area.

5) The ontology and its model should be observable even for complex subject areas with a large number of concepts.

The works of I. V. Kotenko [12-14] consider an ontology and possible multi-agent intellectual mechanisms for managing cybersecurity in computer systems and networks that allow:

1) Collection of information on the status of the information system and its analysis through mechanisms for processing and merging information from various sources;

2) Proactive prevention of cyberattacks and preventing their implementation;

3) Detection of abnormal activity and explicit cyberattacks, as well as illegitimate actions and deviations of users' work from the security policy, prediction of intentions and possible actions of violators;

4) Active response to attempts to implement the actions of complex violators by automatic reconfiguration of protection components to repel the actions of violators in real time;

5) Misinformation of the attacker, concealment and camouflage of important resources and processes, "enticement" of the attacker into false (fraudulent) components for the purpose of disclosing and clarifying its purposes, reflexive control over the behavior of the attacker;

6) Monitoring the functioning of the network and monitoring the correctness of the current security policy and network configuration;

7) Support for decision-making on the management of security policies, including on adaptation to subsequent incursions and strengthening of critical defense mechanisms.

In the works of D. Biryukov and A. G. Lomako [6, 10] the ontology and the system image of intellectual systems of cyber-security with the property of anticipation are grounded. In particular, they describe a new class of systems to prevent computer attacks, which are self-learning intellectual systems of self-organizing gyromas. It is shown that the application of the proposed intellectual systems in practice makes it possible to solve more successfully the problems associated with the prevention of risks of the implementation of cyber threats.

In 2011, based on the RDF language, basic for the Semantic Web, a general conceptual (reference) model of the Smart Grid was created, containing structured and unstructured information (authors and support of researchers from the Karlsruher Institut für Technologie, Institut AIFB). Despite the fact that this ontology was the most complete, the issues of information protection in it, as well as in other Smart Grid ontologies, were not considered.

In [20, 21], Russian scientists developed an ontology of Smart Grid information security as a result of the merger of two ontologies: Gridpedia and an ontology of cybersecurity in the energy sector (e.g. [22, 23]). The authors proceeded from the fact that Gridpedia can be used for a sufficiently detailed description of the Smart Grid as a power system, and the ontology of cybersecurity in the power industry allows us to describe the system from the point of view of information security. However, the practical implementation of a new ontology, like Gridpedia, or the addition of Gridpedia with new resources was not implemented (Gridpedia allows users to jointly define concepts). In addition, the Gridpedia project was not, in principle, supplemented or expanded from 2014.

In the context of information confrontation, a more advanced ontology of Smart Grid cyber security is required, one that makes it possible to prevent power systems from being driven to catastrophic consequences.

This formulation of the problem required a significant revision of the well-known concept of providing information security for Smart Grid. The point is that modern power systems, which are complex distributed heterogeneous systems, do not possess the required stability for targeted operation in the current and prospective information warfare because of the high complexity of construction and the potential danger of undeclared operation of equipment and system-wide software, including hypervisors. The means of identifying and neutralizing information and technical impacts that combine the joint use of technologies for obtaining unauthorized access, hardware-software implants ("bookmarks") and malicious software are still not effective enough [1, 10, 20].

Moreover, neither the traditional means of information protection at the levels Level 4 - ERP; Level 3 - MES; Level 2 - SCADA; Level 1 - Programmable logic controller (PLC) / Relay protection and automation (RPA); Level 0 - field devices (these traditional means include protection from unauthorized access, firewalling, traffic filtering (Modbus, OPC, IEC 104), detection and prevention of cyberattacks (IDS / IPS), antivirus protection, cryptographic protection of information, security analysis, integrity control and cyber security management in general based on CSIRT / CERT / SOC), nor the known means of ensuring the stability of power systems using backup, calibration and reconfiguration capabilities are any longer suitable for ensuring the required performance of the promising Smart Grid in the conditions of information confrontation.

IV. DEVELOPMENT OF A NEW ONTOLOGY OF CYBER-SECURITY

The analysis of probable scenarios for the purposeful informational impact on the future Smart Grid energy systems was conducted with the aim of developing a new ontology of cybersecurity. The typical structure of the mentioned power systems is considered and the characteristics of their vulnerabilities are given. The specifics of the implementation of security threats and possible risks to the performance of a typical power system are revealed. The specifics of the implementation of information and technical impacts on critical elements of prospective power systems are revealed [16].

A critical analysis was made of existing methods and tools for the detection and neutralization of information and technology impacts, including targeted attacks (APT). The assessment is made of the suitability of traditional means of protecting information in power systems for the prevention, detection and neutralization of information and technology impacts. The shortcomings of the organization of the means of providing and monitoring the policy of cybersecurity on the basis of IEC 62351-8 [16] are shown.

As a result, the ontology of cyber-security of self-recovering Smart Grid was proposed, which allows describing the organization of self-recovery of perspective energy systems in conditions of information confrontation on the basis of immunity to disturbances, by analogy with the immune system of protection of a living organism.

The relevance of the new ontology of Smart Grid cyber security is confirmed by the requirements of the Doctrine of Information Security of Russia (2016), the federal law On the Security of the Critical Information Infrastructure of the Russian Federation (2017), GOSTs of the Federal Agency for Technical Regulation and Metrology (2016), normative and methodological documents (2007) and the order of FSTEC of Russia "On approval of the Requirements for ensuring the protection of information in automated control systems for production and technological processes on critical issues important objects ... " (2014) and others.

In this article, the cyber-security ontology of self-recovering Smart Grid (hereinafter - the ontology of cybersecurity) is understood as the basis for reusable knowledge of a special kind, or the "specification of conceptualization" of such a hard-to-formalize subject area as ensuring the sustainability of functioning of perspective energy systems in the context of information confrontation. This means that in this area, based on the classification of the basic terms of cybersecurity, it is first necessary to isolate the basic notions (concepts), and then to determine the connections between them (conceptualization). In this case, the ontology of cybersecurity can be represented both graphically and analytically (for example, by a formal grammar and programming language or some mathematical model).

Two methodological approaches were used to develop the ontology of cybersecurity. In the first, the IDEF5 Schematic Language is used for the graphical representation of the ontology of cybersecurity, and the text language IDEF5 Elaboration Language is used for the analytical description. In order to automate the simulation of this ontology of cyber security, a demonstration prototype of the SBONT tool of Knowledge Based Systems, Inc. is used.

Implementation of the first methodological approach took 5 years (2000-2005). Currently, the ontology of cybersecurity contains a description of 800 terms from the field of information security (two volumes with a volume of 1284 pages with text and graphic schemes have been prepared), which are constantly maintained in the current state.

For the current version of the ontology of cybersecurity, terms and definitions of the following regulations and recommendations of the best practice were also used as initial data:

1. Thesaurus of normative documents "The Doctrine of Information Security of Russia" (2016), "The main directions of the state policy in the field of ensuring the safety of the automated control system of the Russian Federation" and the "System of Critical Objects ..." of the Security Council of the Russian Federation.

2. The thesaurus of the Federal Law of the Russian Federation of July 27, 2006, No. 149-FZ "On Information, Information Technologies and Information Protection", Federal Law No. 16-FZ dated February 9, 2007 "On Transport Security", Federal Law No. 256-FZ of July 21, FZ "On the Safety of Fuel and Energy Complex Facilities", Federal Law No. 116-FZ of 21.07.1997 "On Industrial Safety of Hazardous Production Facilities", Federal Law of the Russian Federation No. 170-FZ of 21.11.1995 "On the Use of Atomic Energy", Federal Law "On the Security of the Critical Information Infrastructure."

3. Documents of FSTEC of Russia: Order No. 31 of 14.03.2014 "On Approving the Requirements for Providing Information Protection in Automated Control Systems of Production and Technological Processes on Critical Objects, Potentially Hazardous Objects, and Objects of Increased Danger to Life and Health of People and for the environment"; 2007 FSTEC documents: "Basic model of threats to information security in key information infrastructure systems", "Methodology for determining current threats to information security in key information infrastructure systems", "General requirements for ensuring information security in key information infrastructure systems", "Recommendations for ensuring information security in key information infrastructure systems", "Regulations on the registry of key information infrastructure systems"; draft documents for 2016: "Protection measures in the automated process control system", "Methodology for determining threats to information security in the automated process control system", "Procedure for identifying and eliminating vulnerabilities in the automated process control system", "Procedure for responding to incidents related to the violation of information security".

4. GOST R 53114-2008 "Ensuring information security in the organization" and GOST R 50922-2006 "Information security. Basic terms and definitions"; GOST of the Federal Agency for Technical Regulation and Metrology - Industrial communication networks. Security (cybersecurity) of the network and system: GOST R 56205-2014 IEC / TS 62443-1-1-200. Part 1-1. Terminology, conceptual provisions and models, GOST R IEC 62443-2-1-2015. Part 2-1. Preparation of the program for ensuring the security (cybersecurity) of the control system and industrial automation, GOST R 56498-2015 / IEC / PAS 62443-3: 2008. Part 3. The security (cybersecurity) of the industrial measurement and control process; GOST R 56545-2015 "Information security. Vulnerabilities of information systems. Vulnerability Definition Rules" (defines the content of vulnerability information that security control vendors should include in their solution database, while the document takes into account existing practices and vulnerability description tools such as Common Weakness Enumeration (CWE), the formal language Open Vulnerability and Assessment Language (OVAL), and the Common Vulnerability Scoring System (CVSS) vulnerability assessment methodology); GOST R 56546-2015 "Information security. Vulnerabilities of information systems. Classification of vulnerabilities" (defines the most common types of vulnerabilities, allowing to unify the terminology used by pentesters) [24].

5. Best practice: ISO / IEC 27000 standards in the general principles of ensuring the safety of digital control systems, including ISO / IEC 27032: 2012 "Guidelines for Cybersecurity" and ISO / IEC 27000 "Information technology. Methods of ensuring safety. Information security management systems. General overview and terminology"; IEC TC57 standards: IEC 61850, IEC60870, IEC 62351 regarding the safety of communication protocols; standard INL Cyber Security Procurement Language 2008 [25].

6. Recommendations: NIST-800-82 r.2 "Guide to Industrial Control Systems (ICS Security) - Guide for the security of process control systems" dated 05.2015, Control Systems Security Program / National Cyber Security Division (recommendations for the developers of the standard), IEC 62443 and ISA 62443 (documents of the International Electrotechnical Commission (IEC) and 99 of the Committee for the Development of Safety Standards of the Automated Automation System (ISA) of the International Automation Society (ISA)), NERC CIP (Critical Infrastructure Protection) security (NERC), Department of Homeland Security: Cyber Security Procurement for ICS, Developments of US-CERT (manuals, models of threats and infringers, rules for responding to cybercriminal, vulnerability databases, etc.)

The development of this ontology of cybersecurity was carried out in stages:

1) defining the context of the ontology of cybersecurity;

2) data collection - definition of the sources of terms and selection of terms for the ontology of cybersecurity;

3) data analysis - definition of the main terms and terms of elements, relationships, verbal description of terms;

4) development of ontology of cybersecurity - creation of a schematic and analytical description of the mentioned ontology;

5) validation of the ontology of cyber-security - checking the completeness and correctness of the ontology, compliance with the original requirements.

The ontology of cybersecurity is represented by graphical schemes in the IDEF5 Schematic Language (524 schemes) and corresponding analytical descriptions in the text language IDEF5 Elaboration Language. The above analytical descriptions of the ontology of cybersecurity are performed in accordance with the previously developed methodology:

1) entering the notation of basic and auxiliary terms of cybersecurity;

2) explanation of the terms-elements with the help of unrelated types;

3) assigning to each term-element a unique identifier;

4) definition of input and output links for each term;

5) fixing connections of elements;

6) verification of the correctness of descriptions;

7) if necessary, updating and clarifying the descriptions.

In the second methodological approach, the recommendations of the W3C consortium (The World Wide Web Consortium) are used to represent the ontology of [...] with memory, OWL is used, which provides a detailed description of ontology classes, individuals belonging to these [...] language extends the capabilities of the RDF language, which provides an opportunity to operate with the basic "subject- [...] defines the basic structures and relationships between classes [...] describing the complex connections between individuals on the ontology of cyber-security Smart Grid, the variant of the OWL DL language is used.

This allowed us to use enumerated types to describe fixed vocabulary structures of the knowledge base of the domain, define multiple links to define many-to-many relationships, and apply logical (Boolean) combinations of classes to define the connections of the complex structure of the Smart Grid ontology of cyber-security with memory. It has been shown that the OWL language allows you to specify different representations of the mentioned ontology of cybersecurity.

It was decided to use the OWL representation in XML syntax as the most common and convenient for automatic processing and analysis of the texts of ontologies of cybersecurity by appropriate software tools. An example of a description of the ontology of cybersecurity using this syntax is given (Table 1).

Integration of separate parts of the cybersecurity ontology involves the inclusion of ontologies into each other at the level of the language (the owl:imports construct). This allowed us to describe the basic concepts, connections and individuals related to the named subject area.

To dynamically expand and modify the knowledge base, a description of the rules for building connections in the SWRL language, which is integrated into ontologies formed in OWL, is used. The rules are used to describe the dynamic relationships between ontology individuals that arise when certain conditions exist.

For example, such relationships can describe the applicability of the method for solving the problem of ensuring the required stability of the Smart Grid in the conditions of information confrontation, depending on the characteristics of the input data. Using the construction of dynamic relationships in conjunction with the inclusion of ontology makes it possible to implement a partial logical inference already at the level of interpretation of the ontological structure. To do this, a set of active facts, formed in the process of interaction with the user, is formalized as a separate ontology using the inclusion of a basic ontological structure. Interpretation of the received structure makes it possible to analyze the basic ontological structure taking into account the entered facts.

TABLE I. EXAMPLE ONTOLOGY REPRESENTATION OF CYBERSECURITY

The view of the ontology of cybersecurity in the syntax of OWL / XML

[...] ]>
[...] xmlns:swrl="http://www.w3.org/2003/11/swrl#"
xmlns:ruleml="http://www.w3.org/2003/11/ruleml#">
[...]

To perform queries on the ontological structure, the SPARQL language is used, which allows using the existing ontological interpretation tools to analyze the Smart Grid ontology of cyber security with memory (including the construction of dynamic rule relationships). An example of a query is shown in Table 2.

PREFIX rdfs:
SELECT ?E ?L ?C
WHERE {
    ?E rdf:type escience:DataSet .
    ?E rdfs:label ?L .
    OPTIONAL {?E rdfs:comment ?C} .
    nano:Hf escience:hasInput ?E .
    ?E escience:isValue ?V .
    ?V rdf:type escience:SelectedValue
}

V. EXAMPLE OF STRUCTURE OF ONTOLOGY

Here is a possible structure of the ontology of cyber-security for describing the set of knowledge used in organizing confrontation. This structure was tested in 2012 in joint studies of the scientific schools of cybersecurity LETI, ITMO and the faculty of Computational Mathematics and Cybernetics of Lomonosov Moscow State University.

In the ontology we distinguish two main layers: the description of concepts (classes) and individuals that implement concepts [26]. Thus individuals can be connected by the relations defined at the level of concepts. In addition, relationships between individual concepts are acceptable (for example, the generalization relation). In the simplest case, the set of relations can be limited to binary (two-place) relations. Another element of ontology is the attributes (characteristics) of individuals, detailing their description. In addition, one of the possible extensions is the association of characteristics not only with individuals (as class implementations), but also with the relationships between them (as implementations of classes [...]

Formally, the ontology class layer is defined as a graph

$$O = \langle C, R \rangle$$

where $C$ is the set of classes and $R$ is the set of abstract relations connecting classes. Similarly, the layer of individuals of the ontology is defined as a graph

$$\tilde{O} = \langle \tilde{C}, \tilde{R} \rangle$$

where $\tilde{C}$ is the set of individuals and $\tilde{R}$ is the set of relations between individuals. For each element of the layer of individuals the following are defined:

a) the generalization relation

$$gn^{(C)} : \tilde{C} \to C$$

$$gn^{(R)} : \tilde{R} \to R$$

which determines the relationship of individuals and the connections between them with the corresponding classes and class relationships;

b) the "guard condition", determining the applicability of the elements in these conditions

$$gc^{(C)}(F) : \tilde{C} \to \{0, 1\}$$

$$gc^{(R)}(F) : \tilde{R} \to \{0, 1\}$$

where $F$ is the set of active facts defined for the current task;

c) the criterion estimation function

$$k^{(C)}(F) : \{\tilde{c} \in \tilde{C} \mid gc^{(C)}(\tilde{c}) = 1\} \to \Omega^{(C)}$$

$$k^{(R)}(F) : \{\tilde{r} \in \tilde{R} \mid gc^{(R)}(\tilde{r}) = 1\} \to \Omega^{(R)}$$

where $\Omega^{(C)}$ and $\Omega^{(R)}$ are, respectively, the spaces of criteria for evaluating individuals and the relationships between them.

The inference block allows us to determine the way of solving the problem as a tuple $S = (s_1, s_2, \ldots, s_N)$ of a fixed structure whose $i$-th element is a set of the form

$$s_i \subseteq \{\tilde{c} \in \tilde{C} \mid gn^{(C)}(\tilde{c}) = c_i\}$$

where the sequence of classes $c_i \in C$ and the requirements for the sets $s_i$ determine the overall structure of the solution. To evaluate the solution constructed by the criteria system, graph analysis is used:

$$\tilde{O}' = \langle \tilde{C}', \tilde{R}' \rangle : \quad \tilde{C}' = \bigcup_i s_i \cup \tilde{C}_S$$

where

$$\tilde{C}_S = \Big\{\tilde{c}_S \;\Big|\; \tilde{c}_S \notin \bigcup_i s_i,\ \exists\, \tilde{c}_1 \in \bigcup_i s_i : rch(\tilde{c}_S, \tilde{c}_1)\Big\}$$

is an attached class system, and

$$rch(\tilde{c}_1, \tilde{c}_2)$$

is the reachability relation on the graph.

The estimation is carried out in the space of criteria $\Omega$, defined by the intersection of the sets of criteria describing the spaces $\Omega^{(C)}$ and $\Omega^{(R)}$.

A possible scheme for the formation of immunity to disturbances is shown (see Fig. 1 and Fig. 2).

Fig. 1. The scheme of formation of immunity

Fig. 2. The structure of the ontology classes of cybersecurity

Here:

Problem - the problem solved within the scope of the subject area;

Method - a method that provides a solution to the task;

Service - the computing service that implements this method;

ServiceImplementation - an instance of the service, available as part of the software package;

DataSet - a set of input or output data for a given method or task;

Value - a quantity of the domain used as input and output data for solving problems. There are two specific classes of quantities that differ in the way they are assigned:

FileExtractedValue - values retrieved from files. The extraction method is described as a class (in the component source code) that implements the IFileValueExtractor standard interface.

SelectedValue - values selected from the list of available ones. The list of available values is specified in the ontology by individuals belonging to the subclasses of the SelectionDictionary class.

FileType - a file containing the values available for extraction.

Fig. 3. Scheme of interaction between implementations
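The two-layer model of Section V (class layer, individuals mapped to classes by gn, guard conditions gc over the active facts F, and the attached set found through the reachability relation rch) can be exercised on a small constructed ontology; this is an added sketch, not the authors' code. Only the class names Problem, Method, Service and DataSet come from the paper; the relation names, individuals, facts, the choice of s_i as all applicable individuals of class c_i, and undirected reachability are assumptions made for the example.

```python
"""Added example: class layer, individual layer, guards and attached set."""
from collections import deque

# Class layer O = <C, R>. Relation names are assumed for illustration.
CLASS_RELATIONS = {
    ("Method", "solves", "Problem"),
    ("Service", "implements", "Method"),
    ("Method", "hasInput", "DataSet"),
}

# Individual layer (constructed sample data). GN is gn^(C): individual -> class.
GN = {
    "restore_feeder": "Problem",
    "reconfigure_topology": "Method",
    "island_microgrid": "Method",
    "topology_svc": "Service",
    "islanding_svc": "Service",
    "breaker_states": "DataSet",
    "der_inventory": "DataSet",
}
INDIVIDUAL_RELATIONS = {
    ("reconfigure_topology", "solves", "restore_feeder"),
    ("island_microgrid", "solves", "restore_feeder"),
    ("topology_svc", "implements", "reconfigure_topology"),
    ("islanding_svc", "implements", "island_microgrid"),
    ("reconfigure_topology", "hasInput", "breaker_states"),
    ("island_microgrid", "hasInput", "der_inventory"),
}

# Guard conditions: a method is applicable only if the active facts allow it.
GUARDS = {
    "reconfigure_topology": lambda facts: "scada_trusted" in facts,
    "island_microgrid": lambda facts: "der_available" in facts,
}


def gc(individual, facts):
    """gc^(C)(F): True if the individual is applicable under the facts F."""
    return GUARDS.get(individual, lambda _facts: True)(facts)


def generalization_violations(relations=INDIVIDUAL_RELATIONS):
    """gn^(R): each relation between individuals must instantiate a class relation."""
    return sorted(
        (s, p, o)
        for (s, p, o) in relations
        if (GN.get(s), p, GN.get(o)) not in CLASS_RELATIONS
    )


def solve(class_sequence, facts):
    """Tuple S = (s_1..s_N); s_i holds the applicable individuals of class c_i."""
    return tuple(
        {ind for ind, cls in GN.items() if cls == c_i and gc(ind, facts)}
        for c_i in class_sequence
    )


def attached(solution, facts):
    """Applicable individuals outside the solution but reachable from it."""
    chosen = set().union(*solution)
    adjacency = {}
    for s, _p, o in INDIVIDUAL_RELATIONS:
        # Inapplicable individuals drop out of the graph with their edges.
        if gc(s, facts) and gc(o, facts):
            adjacency.setdefault(s, set()).add(o)
            adjacency.setdefault(o, set()).add(s)  # undirected: an assumption
    seen, queue = set(chosen), deque(chosen)
    while queue:
        for nxt in adjacency.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - chosen


if __name__ == "__main__":
    # SCADA data is not trusted, distributed generation is available.
    active_facts = frozenset({"der_available"})
    plan = solve(("Problem", "Method"), active_facts)
    print("solution:", plan)
    print("attached:", sorted(attached(plan, active_facts)))
    print("schema violations:", generalization_violations())
```

With the fact set changed, the same ontology yields a different method and a different set of attached services and data sets, which is the dependence of a method's applicability on the input data that the SWRL rules are said to encode.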
The structure of the accumulated immunity database is specified by the ADO.NET Entity Framework model. To organize access to the database, a library is built that provides access to the entity instances stored in the database through the ADO.NET Entity Framework. This approach provided the possibility of accessing the database as a set of interrelated collections storing instances of classes equivalent to database entities. The implementation of direct access to the ontological structure using the Pellet API (RunLib variant) is proposed. The interface implemented by this module includes the following basic methods of working with an ontological structure:

CreateSession () - creates a session, returns the string identifier of the session.

AddOWLModel (, ) is an ontological structure extension that is specified in OWL in the form of a separate ontology with possible references to existing elements.

ExecuteQuery (, ) is a request to the ontological structure extended within the current session. The query is specified in SPARQL, the result of which is a string containing the results in XML format.

The general scheme of interaction of RunLib implementation with the ontology interpreter is presented (see Fig. 3).

VI. CONCLUSIONS

As a result of the work done, the imperfection of the traditional means of monitoring and restoration of the operability of the Smart Grid power systems is revealed. The ways of ensuring the stability of the functioning of power systems under hostile mass information and technical influences are investigated. The goals and objectives of ensuring the sustainability of these prospective power systems in the context of information confrontation are formalized.

The choice of a scientific and methodical apparatus suitable for solving the problems of the organization of self-recovering of the Smart Grid was carried out. The use of the theory of formal languages and grammars for the generation and recognition of possible types of mass perturbation structures is proposed. The formation of immunity to destructive disturbances with the use of the results of the theory of control and restoration of the functioning of the Smart Grid

The conceptual bases of self-recovery of perspective energy systems in the conditions of information confrontation are put forward and substantiated and a new, more perfect, ontology of cyber-security of self-recovering Smart Grid is developed.

REFERENCES

[1] Petrenko S.A., Stupin D.D. Natsional'naya sistema rannego preduprezhdeniya o komp'yuternom napadenii [National system of advance computer attacks alerting]. Innopolis, Afina Publ., 2017. 440 p. (In Russ.).

[2] Barabanov A.V., Markov A.S., Tsirlov V.L. Methodological Framework for Analysis and Synthesis of a Set of Secure Software Development Controls, Journal of Theoretical and Applied Information Technology, 2016, vol. 88, No 1, pp. 77-88.

[3] Massel L., Voropay N., Senderov S., Massel A. Cyber Danger as One of the Strategic Threats to Russia's Energy Security. Voprosy kiberbezopasnosti [Cybersecurity issues]. 2016. No 4 (17), pp. 2-10. DOI: https://doi.org/10.21681/2311-3456-2016-4-2-10.

[4] Gruber T. A translation approach to portable ontology specifications. Knowledge Acquisition, 1993, V. 5, I. 2, pp. 199-220. DOI: 10.1006/knac.1993.1008.

[5] Gruber T. Toward Principles for the Design of Ontologies Used for Knowledge Sharing? International Journal Human-Computer Studies, 1995, V. 43, I. 5–6, pp. 907-928. DOI: 10.1006/ijhc.1995.1081.

[6] Biryukov D. N., Lomako A. G., Rostovtsev Yu. G. The appearance of anti-cyber systems to prevent the risks of cyber-threat [Proc. SPIIRAN]. 2015, V. 39, pp. 5 - 25. DOI: http://dx.doi.org/10.15622/sp.39.1.

[7] Guarino N. Formal Ontology and Information Systems. In Proc. International Conference on Formal Ontology in Information Systems (FOIS’98). Amsterdam, IOS Press, 6-8 June, 1998, pp. 3-15.

[8] Guarino N., Musen M. Applied ontology: The next decade begins. Applied Ontology. - 2015. - V. 10, no. 1, pp. 1-4. DOI: 10.3233/AO-150143.

[9] Guarino, N. Services as Activities: Towards a Unified Definition for (Public) Services. In Proc. Enterprise Distributed Object Computing Workshop (EDOCW), 2017 IEEE 21st International. Quebec City, QC, Canada, 10-13 Oct., 2017, pp. 102 - 105. DOI: 10.1109/EDOCW.2017.25.

[10] Kharzhevskaya, A.V, Lomako, A.G, Petrenko S.A. Representing programs with similarity invariants for monitoring tampering with calculations. Voprosy kiberbezopasnosti [Cybersecurity issues]. 2017. No. 2(20), pp. 9-20. DOI: 10.21681/2311-3456-2017-2-9-20.

[11] Kleschev A.S. Artemyeva I.L. Mathematical models of ontologies of subject domains. Part 2. Components of the model. Novosibirsk State University Journal of Information Technologies, 2001, ser. 2, no. 3, pp. 19 – 29. (In Russ.).

[12] Kotenko I. Multi-agent Modelling and Simulation of Cyber-Attacks and Cyber-Defense for Homeland Security. In Proc. IEEE Fourth International Workshop on "Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications" (IDAACS'2007). Dortmund, Germany, 6-8 September, 2007, pp. 614-619. DOI: 10.1109/IDAACS.2007.4488494.

[13] Kotenko I., Novikova E. Visualization of Security Metrics for Cyber Situation Awareness. In Proc. 2014 Ninth International Conference on Availability, Reliability and Security. Fribourg, Switzerland, 2014, pp. 506 - 513. DOI: 10.1109/ARES.2014.75.

[14] Kotenko I., Polubelova O., Saenko I., Doynikova E. The Ontology of Metrics for Security Evaluation and Decision Support in SIEM Systems. In Proc. 2013 International Conference on Availability, Reliability and Security. Regensburg, Germany, 2013, pp. 638 - 645. DOI: 10.1109/ARES.2013.84.

[15] Mussel L.V. Problems of creating a Smart Grid in Russia from the standpoint of information technology and cyber security. In Proc. All-Russian Seminar with International Participation "Methodological issues of reliability research of large energy systems": Issue 64. Reliability of energy systems: achievements, problems, prospects. Irkutsk, ESI SB RAS, 2014, pp. 171-181. (In Russ.).

[16] Nardi J., Falbo R., Almeida J., Guizzardi G., Pires L., Sinderen M., Guarino N. An Ontological Analysis of Value Propositions. In: Enterprise Distributed Object Computing Conference (EDOC), 2017 IEEE 21st International. Quebec City, QC, Canada, 10-13 Oct. 2017, pp. 184-193. DOI: 10.1109/EDOC.2017.32.

[17] Pospelov D.A. Introduction to applied semiotics. News of Artificial Intelligence, 2002, no. 6. (In Russ.).

[18] Pospelov G.S. Artificial intelligence is the basis of the new information technology. Moscow, Nauka, 1988. 280 p. (In Russ.).

[19] Pashchenko I. N., Vasilyev V. I., Guzairov M. B. Smart Grid security system on the basis of intelligent technologies: rule base design. Izvestiya SFedU. Engineering Sciences [News of SFedU. Technical science], 2015, pp. 28–37. (In Russ.).

[20] Vorobiev E.G., Petrenko S.A., Kovaleva I.V., Abrosimov I.K. Organization of the entrusted calculations in crucial objects of informatization under uncertainty. In Proceedings of the 20th IEEE International Conference on Soft Computing and Measurements (24-26 May 2017, St. Petersburg, Russia). SCM 2017, 2017, pp. 299 - 300. DOI: 10.1109/SCM.2017.7970566.

[21] Vorobiev E.G., Petrenko S.A., Kovaleva I.V., Abrosimov I.K. Analysis of computer security incidents using fuzzy logic. In Proceedings of the 20th IEEE International Conference on Soft Computing and Measurements (24-26 May 2017, St. Petersburg, Russia). SCM 2017, 2017, pp. 369 - 371. DOI: 10.1109/SCM.2017.7970587.

[22] Vorozhtsova T.N., Pyatkova N.I. Ontology engineering threats to energy security. In: Critical Infrastructures: Contingency Management, Intelligent, Agent-Based, Cloud Computing and Cyber Security. Proceeding of International Workshop CI:CM/IACC/CS – 2017. 2017. P. 24-26.

[23] Massel A.G., Tyuryumin V.O. Events ontologies and their application for description of energy security threats. In Proc. of the Microwave & Telecommunication Technology (CriMiCo), 2014 24th International Crimean Conference, 2014, pp. 443-444. DOI: 10.1109/CRMICO.2014.6959470.

[24] Markov A.S., Fadin A.A., Tsirlov V.L. Multilevel Metamodel for Heuristic Search of Vulnerabilities in The Software Source Code, International Journal of Control Theory and Applications, 2016, vol. 9, No 30, pp. 313-320.

[25] Barabanov A., Markov A., Fadin A., Tsirlov V., Shakhalov I. Synthesis of Secure Software Development Controls. In Proceedings of the 8th International Conference on Security of Information and Networks (Sochi, Russian Federation, September 08-10, 2015). SIN ‘15. ACM New York, NY, USA, 2015, pp. 93-97. DOI: 10.1145/2799979.2799998.

[26] Bazaron S., Rukavichnikov A. Method specifications subject area discipline based on ontological approach. Voprosy kiberbezopasnosti [Cybersecurity issues]. 2014. No 5 (8), pp. 52-58. DOI: https://doi.org/10.21681/2311-3456-2014-5-43-46.