Schema

Adhering to our aim for AVID resources to be expandable and adaptable to practitioner needs, we have adapted the MISP Taxonomy System to standardize and share the two views of our taxonomy. MISP taxonomies are used to tags cybersecurity events, indicators, and threats using three components:

  • namespace is an unique identifier of the taxonomy being used

  • predicate is a high-level category

  • value is a low-level subcategory under a predicate.

Each MISP taxonomy is specified using a single JSON file that contains the namespace, a list of predicates, lists of values under each predicate, and auxiliary metadata. Below is a sample schema:

{
    "namespace": ...,
    "description": ...,
    "version": ...,
    "predicates": [
        {
            "value": ...,
            "expanded": ...,
            "description": ...
        },
        ...
    ],
    "values": [
        {
            "predicate": ...,
            "entry": [
                {
                    "value": ...,
                    "expanded": ...,
                    "description": ...
                },
                ...
            ]
        },
        ...
    ]
}

This specification can be used to tag any relevant threat information as namespace:predicate:value. As long as a taxonomy is specified using the above structure, tags can be generated in the above structure, providing the user with the flexibility of using multiple taxonomies, some of which may be specific to their own application context.

Example

The MISP specifications of the AVID taxonomies are available for the Effect/SEP View and the Lifecycle View.

As an implementation example, consider the vulnerability AVID-2022-V013, which is about the Microsoft Tay Poisoning incident. We have assigned the following taxonomy categories to it:

View
Category
ID

Effect

Security

S0601: Ingest Poisoning

Effect

Ethics

E0101: Group Fairness

Effect

Ethics

E0301: Toxicity

Lifecycle

Lifecycle

L06: Deployment

The MISP tags for this vulnerability will be the following:

avid-effect:security:S0601
avid-effect:ethics:E0101
avid-effect:ethics:E0301
avid-lifecycle:lifecycle:L06

Custom Taxonomies

Using the MISP format allows us to seamlessly integrate arbitrary taxonomies into the AVID database and related workflows. This is crucial for driving practitioner adoption, since AI developers and vendors often work off of operational taxonomies specific to the context of their domain of application. Examples of such deep taxonomies/categorizations include MITRE ATLAS, taxonomies for and , and . As a specific example of a non-AVID taxonomy in the MISP format, see the specifications for the .

We welcome the AI community to contribute to our repository of taxonomies, which you can find here. Doing so is easy: just create a JSON file for your taxonomy in the above schema and submit a Pull Request!

Last updated