Title | Research on Vulnerability Ontology Model |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Zhu, L., Zhang, Z., Xia, G., Jiang, C. |
Conference Name | 2019 IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC) |
Keywords | capec, Communication networks, compositionality, CVE, CWE, Databases, Economics, finance, industry public standards, inference mechanisms, Inference Rules, Information Reuse and Security, information security public databases, knowledge inference, Ontologies, ontologies (artificial intelligence), Ontology, pubcrawl, public information systems, Resiliency, security, security of data, security vulnerability ontology model, Standards, Vulnerability, vulnerability class, weakness class |
Abstract | In order to standardize and describe vulnerability information in detail as far as possible and realize knowledge sharing, reuse and extension at the semantic level, a vulnerability ontology is constructed based on the information security public databases such as CVE, CWE and CAPEC and industry public standards like CVSS. By analyzing the relationship between vulnerability class and weakness class, inference rules are defined to realize knowledge inference from vulnerability instance to its consequence and from one vulnerability instance to another vulnerability instance. The experimental results show that this model can analyze the causal and congeneric relationships between vulnerability instances, which is helpful to repair vulnerabilities and predict attacks. |
DOI | 10.1109/ITAIC.2019.8785783 |
Citation Key | zhu_research_2019 |