Knowledge representation to support partially automated honeypot analysis based on Wireshark packet capture files
ECU Security Research Institute
The automation of packet analysis, even partially, is very much desired, because packet analysis is time-consuming and requires technical knowledge and skills. This paper presents the Packet Analysis Ontology (PAO), a novel OWL ontology that covers the terminology of packet analysis, including concepts and properties, as well as their restrictions, to be used for knowledge representation and automated reasoning in this field. This ontology defines protocols and ports required for capturing the semantics of network activities, many of which are not defined in any other ontology.