D3FEND CAD

Cyber Attack-Defense Utility for Capturing Engagements and Understandable Scenarios

D3FEND CAD User Documentation

Put the D3FEND ontology into action with the D3FEND CAD Tool!

CAD is designed to be versatile and to support many modeling and diagramming use cases. When you create a CAD diagram you are implementing the D3FEND ontology, also known as "instances" of the ontology's classes.

1. Quickstart

  • See the examples by clicking button.
    • The shadowcat.json example models a CTI Report.
    • The bushwalk.json examples models malware "procedures".
    • The disk-formatting-contribution.json represents an advanced use case of CAD.
  • Drag and drop nodes onto the canvas to create your scenario, connect them by hovering over a node.
  • Click the on any node to select the correct class, you can type to filter.
  • Right click the various node types to apply ontology inference results to your diagram.
  • Connect nodes together, and select D3FEND object properties with autocomplete.
  • Extend the D3FEND ontology yourself! See the disk-formatting-contribution.json example.

2. Saving and loading

2.1 Loading

You can load a D3FEND CAD JSON file from your file system by clicking .

2.2 D3FEND CAD JSON

This is the native format the D3FEND CAD GUI uses. You can save a D3FEND CAD JSON file to your computer by clicking .

2.4 D3FEND CAD TTL

This format creates a file with D3FEND instances stored in Terse Triple Language (TTL). You can save a D3FEND CAD JSON file to your computer by clicking .

2.5 Creating a D3FEND Extension (TTL)

This format creates a D3FEND Extension file you can submit to the D3FEND team to add new concepts and relationships to the D3FEND ontology. An extension is serialized in the Terse Triple Language (TTL). You can save a D3FEND Extension file to your computer by clicking .

3. Sharing and Embedding

4. Design

4.1 CAD Schema

4.2 CAD Graph to Semantic Graph Conversions

5 Terminology

The D3FEND ontology is represented in the OWL2-DL specification. Ontologies in OWL2-DL can be serialized into json-ld, rdf/xml, and ttl formats. The D3FEND team prefers the ttl format.

The ontology comprises classes, object properties, data properties, and annotation properties. Additionally it includes OWL axioms.