A framework for conceptual characterization of ontologies and its application in the cybersecurity domain (original) (raw)

References

  1. Agrawal, V.: Towards the ontology of ISO/IEC 27005:2011 risk management standard. In: HAISA (2016)
  2. Almeida, J.P.A., Guizzardi, G.: An ontological analysis of the notion of community in the RM-ODP enterprise language. Comput. Stand. Interfaces 35(3), 257–268 (2013)
    Article Google Scholar
  3. Almeida, J.P.A, Guizzardi, G., Sales, T.P., Falbo, R.A.: gUFO: A Lightweight Implementation of the Unified Foundational Ontology (UFO). Technical Repot Version 1, Federal University of Espirito Santo (2019). https://nemo-ufes.github.io/gufo/
  4. Babiceanu, R.F., Seker, R.: Cybersecurity and resilience modelling for software-defined networks-based manufacturing applications. Stud. Comput. Intell. 694, 167–176 (2017). https://doi.org/10.1007/978-3-319-51100-9_15
    Article Google Scholar
  5. Ben-Asher, N., Oltramari, A., Erbacher, R.F., Gonzalez, C.: Ontology-based adaptive systems of cyber defense. In: STIDS, pp. 34–41 (2015)
  6. Benevides, A.B., Guizzardi, G.: A model-based tool for conceptual modeling and domain ontology engineering in OntoUML. In: Enterprise Information Systems, pp. 528–538 (2009)
  7. Bergner, S., Lechner, U.: Cybersecurity ontology for critical infrastructures. In: KEOD, pp. 80–85 (2017)
  8. Bizer, C., Heath, T., Berners-Lee, T.: Linked data: the story so far. In: Semantic Services, Interoperability and Web Applications: Emerging Concepts, pp. 205–227. IGI Global (2011)
  9. Blanco, C., Lasheras, J., Valencia-García, R., Fernández-Medina, E., Toval, A., Piattini, M.: A systematic review and comparison of security ontologies. In: 3th International Conference on Availability, Reliability and Security, pp. 813–820. IEEE (2008)
  10. Booth, H., Turner, C.: Vulnerability description ontology (VDO). In: A Framework for Characterizing Vulnerabilities NIST (2016)
  11. Borgo, S., Masolo, C.: Ontological Foundations of DOLCE, pp. 279–295. Springer, Dordrecht (2010)
    Google Scholar
  12. Borst, W.N.: Construction of Engineering Ontologies for Knowledge Sharing and Reuse. CTIT, Centre for Telematics and Information Technology, New Delhi (1997)
    Google Scholar
  13. de Almeida Falbo, R.: Sabio: systematic approach for building ontologies. In: Guizzardi, G., Pastor, O., Wand, Y., de Cesare, S., Gailly, F., Lycett, M., Partridge, C. (eds.) Proceedings of the 1st Joint Workshop ONTO.COM/ODISE on Ontologies in Conceptual Modeling and Information Systems Engineering, C EUR-WS.org, CEUR Workshop Proceedings, vol. 1301 (2014)
  14. Degen, W., Heller, B., Herre, H., Smith, B.: Gol: toward an axiomatized upper-level ontology. In: Proceedings of the International Conference on Formal Ontology in Information Systems, vol. 2001, pp. 34–46 (2001)
  15. Duarte, B.B., Souza VES, de Castro Leal AL, de Almeida Falbo, R., Guizzardi, G., Guizzardi, R.S.: Towards an ontology of requirements at runtime. In: FOIS, pp. 255–268 (2016)
  16. Duarte, B.B., Falbo, R.A., Guizzardi, G., Guizzardi, R.S., Souza, V.E.: Towards an ontology of software defects, errors and failures. In: International Conference on Conceptual Modeling, pp. 349–362. Springer (2018)
  17. Elnagdy, S.A., Qiu, M., Gai, K.: Cyber incident classifications using ontology-based knowledge representation for cybersecurity insurance in financial industry. In: 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud), pp. 301–306. IEEE (2016)
  18. Falbo, R., Bertollo, G.: A software process ontology as a common vocabulary about software processes. Int. J. Bus. Process. Integr. Manag. 4, 239–250 (2009)
    Article Google Scholar
  19. Fensel, D.: Ontologies. In: Ontologies, pp. 11–18. Springer (2001)
  20. Fernández-López, M., Gómez-Pérez, A., Juristo, N.: Methontology: from ontological art towards ontological engineering. In: Proceedings of the Ontological Engineering AAAI-97 Spring Symposium Series. American Association for Artificial Intelligence (1997)
  21. Gailly, F., Geerts, G., Poels, G.: Ontological reengineering of the REA-EO using UFO. In: International Workshop on Ontology-Driven Software Engineering (2009)
  22. Gamma, E.: Design Patterns: Elements of Reusable Object-Oriented Software. Pearson Education India, New York (1995)
    Google Scholar
  23. Gasmi, H., Laval, J., Bouras, A.: Cold-start cybersecurity ontology population using information extraction with LSTM. In: 2019 International Conference on Cyber Security for Emerging Technologies (CSET), pp. 1–6 (2019). https://doi.org/10.1109/CSET.2019.8904905
  24. Giaretta, P., Guarino, N.: Ontologies and knowledge bases towards a terminological clarification. In: Towards Very Large Knowledge Bases: knowledge Building & Knowledge Sharing, vol. 25, p. 32 (1995)
  25. Giunchiglia, F., Zaihrayeu, I.: Lightweight Ontologies. Technical report, University of Trento (2007)
  26. Gómez-Pérez, A., Corcho, O.: Ontology languages for the semantic web. IEEE Intell. Syst. 17(1), 54–60 (2002)
    Article Google Scholar
  27. Gomez-Perez, A., Fernández-López, M., Corcho, O.: Ontological Engineering: With Examples from the Areas of Knowledge Management. Springer, E-Commerce and the Semantic Web (2004)
  28. Grégio, A., Bonacin, R., Nabuco, O., Afonso, V.M., De Geus, P.L., Jino, M.: Ontology for malware behavior: a core model proposal. In: 2014 IEEE 23rd International WETICE Conference, pp. 453–458. IEEE (2014)
  29. Gruber, T.R., et al.: A translation approach to portable ontology specifications. Knowl. Acquis. 5(2), 199–220 (1993)
    Article Google Scholar
  30. Guarino, N.: The ontological level. Philos. Cogn. Sci. (1994)
  31. Guarino, N.: Formal ontology in information systems. In: Proceedings of the 1st International Conference, pp. 6–8. IOS Press, Trento, Italy (1998)
  32. Guarino, N.: The ontological level: revisiting 30 years of knowledge representation. In: Conceptual Modeling: Foundations and Applications, pp. 52–67 (2009)
  33. Guarino, N., Poli, R.: The role of formal ontology in the information technnology. Int. J. Hum. Comput. Stud. 43(5–6), 623–965 (1995)
    Article Google Scholar
  34. Guizzardi, G.: Ontological Foundations for Structural Conceptual Models. CTIT, Centre for Telematics and Information Technology, New Delhi (2005)
    MATH Google Scholar
  35. Guizzardi, G.: The role of foundational ontology for conceptual modeling and domain ontology representation, keynote paper. In: 7th International Baltic Conference on Databases and Information Systems (DB &IS). IEEE Press, Vilnius (2006)
  36. Guizzardi, G.: On ontology, ontologies, conceptualizations, modeling languages, and (meta) models. Front. Artif. Intell. Appl. 155, 18 (2007)
    Google Scholar
  37. Guizzardi, G.: Ontology-based evaluation and design of visual conceptual modeling languages. In: Domain Engineering, pp. 317–347. Springer (2013)
  38. Guizzardi, G.: Ontological patterns, anti-patterns and pattern languages for next-generation conceptual modeling. In: International Conference on Conceptual Modeling, pp. 13–27. Springer (2014)
  39. Guizzardi, G., Zamborlini, V.: Using a trope-based foundational ontology for bridging different areas of concern in ontology-driven conceptual modeling. Sci. Comput. Program. 96, 417–443 (2014)
    Article Google Scholar
  40. Guizzardi, G., Pires, L.F,, Van Sinderen, M.: An ontology-based approach for evaluating the domain appropriateness and comprehensibility appropriateness of modeling languages. In: MoDELS, pp. 691–705. Springer (2005)
  41. Hadar, E., Hassanzadeh, A.: Big data analytics on cyber attack graphs for prioritizing agile security requirements. In: 2019 IEEE 27th International Requirements Engineering Conference (RE), pp. 330–339. IEEE (2019)
  42. Hele-Mai, H., Tanel-Lauri, L.: A survey of concept-based information retrieval tools on the web. In: Proceedings of the 5th East-European Conference AD BIS, pp. 29–41 (2001)
  43. Herre, H.: General formal ontology (GFO): a foundational ontology for conceptual modelling. In: Theory and Applications of Ontology: Computer Applications. pp. 297–345. Springer (2010)
  44. Iannacone, M., Bohn, S., Nakamura, G., Gerth, J., Huffer, K., Bridges, R., Ferragut, E., Goodall, J.: Developing an ontology for cyber security knowledge graphs. In: Proceedings of the 10th Annual Cyber and Information Security Research Conference, CISR ’15, pp. 12:1–12:4. ACM, New York, NY, USA (2015)
  45. Islam, C., Babar, M.A., Nepal, S.: Automated Interpretation and Integration of Security Tools Using Semantic Knowledge. Springer, Berlin (2019). https://doi.org/10.1007/978-3-030-21290-2_32
    Book Google Scholar
  46. ISO Central Secretary: Information Technology—Security Techniques—Information Security Risk Management. Standard ISO/IEC 27005:2011, International Organization for Standardization, Geneva (2011)
  47. ISO Central Secretary: Information Technology—Security Techniques—Guidelines for Cybersecurity. Standard ISO/IEC 27032:2012, International Organization for Standardization, Geneva (2012)
  48. ISO Central Secretary: Information Technology—Security Techniques—Information Security Management Systems—Overview and Vocabulary. Standard ISO/IEC 27000:2018-02, International Organization for Standardization, Geneva (2018)
  49. ISO Central Secretary: Information Technology—Security Techniques—Information Security Risk Management. Standard ISO/IEC 27005:2018, International Organization for Standardization, Geneva (2018)
  50. Jacobsen, A., de Miranda, A.R., Juty, N.S., Batista, D., Coles, S.J., Cornet, R., Courtot, M., Crosas, M., Dumontier, M., Evelo, C.T.A., Goble, C.A., Guizzardi, G., Hansen, K.K., Hasnain, A., Hettne, K.M., Heringa, J., Hooft, R.W.W., Imming, M., Jeffery, K.G., Kaliyaperumal, R., Kersloot, M.G., Kirkpatrick, C.R., Kuhn, T., Labastida, I., Magagna, B., McQuilton, P., Meyers, N., Montesanti, A., van Reisen, M., Rocca-Serra, P., Pergl, R., Sansone, S., da Silva Santos, L.O.B., Schneider, J., Strawn, G.O., Thompson, M., Waagmeester, A., Weigel, T., Wilkinson, M.D., Willighagen, E.L., Wittenburg, P., Roos, M., Mons, B., Schultes, E.: FAIR principles: interpretations and implementation considerations. Data Intell. 2(1–2), 10–29 (2020). https://doi.org/10.1162/dint_r_00024
    Article Google Scholar
  51. Jia, Y., Qi, Y., Shang, H., Jiang, R., Li, A.: A practical approach to constructing a knowledge graph for cybersecurity. Engineering 4(1), 53–60 (2018)
    Article Google Scholar
  52. Jurisica, I., Mylopoulos, J., Yu, E,: Using ontologies for knowledge management: an information systems perspective. In: Proceedings of the Annual Meeting-American Society For Information Science, Information Today; 1998, vol. 36, pp. 482–496 (1999)
  53. Kang, D., Lee, J., Choi, S., Kim, K.: An ontology-based enterprise architecture. Expert Syst. Appl. 37(2), 1456–1464 (2010). https://doi.org/10.1016/j.eswa.2009.06.073
    Article Google Scholar
  54. Keil, J.M., Schindler, S.: Comparison and evaluation of ontologies for units of measurement. Semant. Web 10(1), 33–51 (2019)
    Article Google Scholar
  55. Kiesling, E., Ekelhart, A., Kurniawan, K., Ekaputra, F.: The SEPSES Knowledge Graph: An Integrated Resource for Cybersecurity, vol. 11779 LNCS. Springer (2019). https://doi.org/10.1007/978-3-030-30796-7_13
  56. Langer, L., Smith, P., Hutle, M.: Smart grid cybersecurity risk assessment. In: 2015 International Symposium on Smart Electric Distribution Systems and Technologies (EDST), pp. 475–482 (2015). https://doi.org/10.1109/SEDST.2015.7315255
  57. Lassila, O., McGuinness, D.: The role of frame-based representation on the semantic web. Linköping Electron. Artic. Comput. Inf. Sci. 6(5), 2001 (2001)
    Google Scholar
  58. Li, K., Zhou, H., Tu, Z., Feng, B.: CSKB: A Cyber Security Knowledge Base Based on Knowledge Graph, vol. 1268 CCIS. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-9129-7_8
  59. Martins, B.F., Serrano, L., Reyes, J.F., Panach, J.I., Pastor, O., Rochwerger, B.: Conceptual characterization of cybersecurity ontologies. In: 13th IFIP WG 8.1 Working Conference on the Practice of Enterprise Modelling (PoEM 2020), pp. 323–338. Springer (2020)
  60. Martins, B.F., Serrano, L., Reyes, J.F., Panach, J.I., Pastor, O.: Towards the Consolidation of Cybersecurity Standardized Definitions. Technical Report Version 2, Universidad Politecnica de Valencia (2021). http://hdl.handle.net/10251/163895
  61. Martins, B.F., Serrano, L., Reyes, J.F., Panach, J.I., Pastor, O.: Towards the consolidation of cybersecurity standardized definitions: a tool for ontological analysis. In: Proceedings of the XXIV Iberoamerican Conference on Software Engineering, CIbSE 2021, pp. 1–14, San José, Costa Rica (2021)
  62. Mascardi, V., Cordì, V., Rosso, P.: A comparison of upper ontologies. In: WOA, vol. 2007, pp. 55–64 (2007)
  63. Masolo, C., Borgo, S., Gangemi, A., Guarino, N., Oltramari, A., Schneider, L.: The WonderWeb library of foundational ontologies: preliminary report. WonderWeb Deliverable D 17 (2002). https://www.bibsonomy.org/bibtex/2e13335234623f07ce0788f9d892e7169/berrueta
  64. Masolo, C., Borgo, S., Gangemi, A., Guarino, N., Oltramari, A.: Wonderweb deliverable d18 ontology library (final). ICT Project 33052, 31 (2003)
    Google Scholar
  65. Mizoguchi, R., Ikeda, M.: Towards ontology engineering. J. Jpn. Soc. Artif. Intell. 13, 9–10 (1998)
    Google Scholar
  66. Möller, D.P.F.: Cybersecurity Ontology, pp. 99–109. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-60570-4_7
    Book Google Scholar
  67. Mozzaquatro, B.A., Agostinho, C., Goncalves, D., Martins, J., Jardim-Goncalves, R.: An ontology-based cybersecurity framework for the internet of things. Sensors 18(9), 3053 (2018)
    Article Google Scholar
  68. Mundie, D.A., Ruefle, R., Dorofee, A.J., Perl, S.J., McCloud, J., Collins, M.: An incident management ontology. In: STIDS, pp. 62–71 (2014)
  69. Narayanan, S., Ganesan, A., Joshi, K., Oates, T., Joshi, A., Finin, T.: Cognitive techniques for early detection of cybersecurity events (2018). arXiv preprint arXiv:1808.00116
  70. Nurse, J.R.C., Creese, S., Goldsmith, M., Lamberts, K.: Trustworthy and effective communication of cybersecurity risks: a review. In: 2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST), pp. 60–68 (2011). https://doi.org/10.1109/STAST.2011.6059257
  71. Obrst, L., Chase, P., Markeloff, R.: Developing an ontology of the cyber security domain. In: STIDS, pp. 49–56 (2012)
  72. Oltramari, A., Kott, A.: Towards a reconceptualisation of cyber risk: an empirical and ontological study. J. Inf. Warf. 17(1), 49–73 (2018)
    Google Scholar
  73. Oltramari, A., Vetere, G., Lenzerini, M., Gangemi, A., Guarino, N.: Senso comune. In: LREC (2010)
  74. Oltramari, A., Cranor, L.F., Walls, R.J., McDaniel, P.D.: Building an ontology of cyber security. In: STIDS, pp. 54–61. Citeseer (2014)
  75. Oltramari, A., Cranor, L.F., Walls, R.J., McDaniel, P.: Computational ontology of network operations. In: MILCOM 2015–2015 IEEE Military Communications Conference, pp. 318–323. IEEE (2015)
  76. Oltramari, A., Henshel, D.S., Cains, M., Hoffman, B.: Towards a human factors ontology for cyber security. In: STIDS, pp. 26–33 (2015)
  77. Onwubiko, C.: Cocoa: an ontology for cybersecurity operations centre analysis process. In: 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), pp. 1–8 (2018)
  78. Ou, X., Govindavajhala, S., Appel, A.W.: Mulval: a logic-based network security analyzer. In: USENIX Security Symposium, vol. 8, pp. 113–128, Baltimore (2005)
  79. Parmelee, M.C.: Toward an ontology architecture for cyber-security standards. STIDS 713, 116–123 (2010)
    Google Scholar
  80. Peciña, K., Bilbao, A., Bilbao, E.: Physical and logical security risk analysis model. In: 2011 Carnahan Conference on Security Technology, pp. 1–7 (2011). https://doi.org/10.1109/CCST.2011.6095895
  81. Pipa, A.M.C.: Owl Ontology Quality Assessment and Optimization in the Cybersecurity Domain. Ph.D. thesis, Instituto Universitário de Lisboa (2018)
  82. Qin, S., Chow, K.P.: Automatic analysis and reasoning based on vulnerability knowledge graph. In: Ning, H. (ed.) Communications in Computer and Information Science, vol. 1137 CCIS, pp. 3–19. Springer Singapore, Singapore (2019). https://doi.org/10.1007/978-981-15-1922-2_1
  83. Sales, T.P., Guizzardi, G.: Ontological anti-patterns in taxonomic structures. In: ONTOBRAS (2019)
  84. Sales, T.P., Baião, F., Guizzardi, G., Almeida, J.P.A., Guarino, N., Mylopoulos, J.: The common ontology of value and risk. In: International Conference on Conceptual Modeling, pp. 121–135. Springer (2018)
  85. Scarpato, N., Cilia, N.D., Romano, M.: Reachability matrix ontology: a cybersecurity ontology. Appl. Artif. Intell. 33(7), 643–655 (2019)
    Article Google Scholar
  86. Schumacher, M.: 6. Toward a security core ontology. In: Security Engineering with Patterns, pp. 87–96. Springer (2003)
  87. Serrano, L., Martins, B.F., Serrano, J.F., Panach, J.I., Pastor, O.: Una encuesta acerca de la Definición de Conceptos de Ciberseguridad. Technical Report Version 1, Universidad Politecnica de Valencia (2021). https://riunet.upv.es/handle/10251/174756
  88. Sikos, L.F.: OWL Ontologies in Cybersecurity: Conceptual Modeling of Cyber-Knowledge, pp. 1–17. Springer, Cham (2019)
  89. Simperl, E., Bürger, T., Hangl, S., Wörgl, S., Popov, I.: Ontocom: a reliable cost estimation method for ontology development projects. J. Web Semant. 16, 1–16 (2012)
    Article Google Scholar
  90. Singhal, A., Ou, X.: Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs, pp. 53–73. Springer, Berlin (2017)
  91. Souag, A., Salinesi, C., Comyn-Wattiau, I.: Ontologies for security requirements: a literature survey and classification. In: International Conference on Advanced Information Systems Engineering, pp. 61–69. Springer (2012)
  92. Studer, R., Benjamins, V.R., Fensel, D.: Knowledge engineering: principles and methods. Data Knowl. Eng. 25(1–2), 161–197 (1998)
    Article Google Scholar
  93. Syed, R.: Cybersecurity Vulnerability Management: A Conceptual Ontology and Cyber Intelligence Alert System 57(6), 10334. (2020). https://doi.org/10.1016/j.im.2020.103334
  94. Syed, R., Zhong, H.: Cybersecurity Vulnerability Management: An Ontology-Based Conceptual Model (2018). https://aisel.aisnet.org/amcis2018/Semantics/Presentations/6
  95. Syed, Z., Padia, A., Finin, T., Mathews, L., Joshi, A.: UCO: a unified cybersecurity ontology. In: Workshops at the Thirtieth AAAI Conference on Artificial Intelligence (2016)
  96. Takahashi, T., Kadobayashi, Y.: Cybersecurity information exchange techniques: cybersecurity information ontology and cybex. J. Natl. Inst. Inf. Commun. Technol. 58(3/4) (2011)
  97. Takahashi, T., Kadobayashi, Y.: Reference ontology for cybersecurity operational information. Comput. J. 58(10), 2297–2312 (2015)
  98. Takahashi, T., Fujiwara, H., Kadobayashi, Y.: Building ontology of cybersecurity operational information. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information intelligence Research, pp. 1–4 (2010)
  99. Takahashi, T., Kadobayashi, Y., Fujiwara, H.: Ontological approach toward cybersecurity in cloud computing. In: Proceedings of the 3rd International Conference on Security of Information and Networks, pp. 100–109 (2010)
  100. Tissir, N., El Kafhali, S., Aboutabit, N.: Cybersecurity management in cloud computing: semantic literature review and conceptual framework proposal. J. Reliab. Intell. Environ. (2020). https://doi.org/10.1007/s40860-020-00115-0
    Article Google Scholar
  101. Undercofer, J., Joshi, A., Finin, T., Pinkston, J., et al.: A target-centric ontology for intrusion detection. In: Workshop on Ontologies in Distributed Systems, held at the 18th International Joint Conference on Artificial Intelligence (2003)
  102. Uschold, M., Gruninger, M.: Ontologies and semantics for seamless connectivity. ACM SIGMod Rec. 33(4), 58–64 (2004)
    Article Google Scholar
  103. Uschold, M., Gruninger, M., et al.: Ontologies: Principles, Methods and Applications. Technical Report, University of Edinburgh Artificial Intelligence Applications Institute AIAI TR (1996)
  104. Van Heijst, G., Schreiber, A.T., Wielinga, B.J.: Using explicit ontologies in kbs development. Int. J. Hum. Comput. Stud. 46(2–3), 183–292 (1997). https://doi.org/10.1006/ijhc.1996.0090
  105. Wand, Y., Weber, R.: On the deep structure of information systems. Inf. Syst. J. 5(3), 203–223 (1995)
    Article Google Scholar
  106. Wang, J.A., Guo, M.: Ovm: an ontology for vulnerability management. In: 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, pp. 1–4 (2009)
  107. Wang, J.Z., Ali, F.: An efficient ontology comparison tool for semantic web applications. In: The 2005 IEEE/WIC/ACM International Conference on Web Intelligence (WI’05), pp. 372–378. IEEE (2005)
  108. Wieringa, R.: Design Science Methodology for Information Systems and Software Engineering. Springer, Berlin (2014)
    Book Google Scholar
  109. Zuanelli, E.: The cybersecurity ontology platform: the POC solution. In: e-AGE2017, p. 1 (2017)

Download references