Epistemology for cyber security: a controlled natural language approach

Leigh Edward Chase*, Alaa Mohasseb, Benjamin Aziz

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution


In this paper we introduce a new Controlled Natural Language (CNL) known as "Noam". It is used to express cyber security knowledge and for reasoning over it. The approach follows examples set by other domain-specific languages and constrained grammars, but is highly unusual due to its singular focus on cyber security. Like most CNLs Noam is both human-readable and machine-solvable, thus fulfilling important assurance requirements with respect to transparency and explainability. The language seeks to address a growing problem faced by security engineers and architects; namely, that their endeavours are constrained by the complexity and sheer interconnectedness of the systems they protect. This is further compounded by year-on-year vulnerability
disclosure rates and diversification of the Tactics, Techniques and Procedures used by threat actors. Our approach is analogical in which the Noam CNL is used to construct a system model, instrument it with data from the real environment and apply functional programming techniques in order to ’solve-for’ certain conditions of interest. The intention is to demonstrate the value of CNLs and semantic reasoning within cyber security, framed in the context of improving the information available to security engineers, architects and other decision-makers.
Original languageEnglish
Title of host publicationProceedings of the 6th International Conference on Information and Knowledge Systems
Publication statusAccepted for publication - 25 Apr 2023
EventThe 6th International Conference on Information and Knowledge Systems - Portsmouth Business School, Portsmouth, United Kingdom
Duration: 22 Jun 202323 Jun 2023
Conference number: 6


ConferenceThe 6th International Conference on Information and Knowledge Systems
Abbreviated titleICIKS2023
Country/TerritoryUnited Kingdom
Internet address


  • cyber security
  • explainable learning
  • controlled natural language
  • knowledge representation
  • epistemology
  • machine reasoning

Cite this