What are Information Security Ontologies Useful for?

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 544)

Abstract

The engineering of ontologies in the information security domain has received some degree of attention in past years. Concretely, the use of ontologies has been proposed as a solution for a diversity of tasks related to that domain, from the modelling of cyber-attacks to easing the work of auditors or analysts. This has resulted in ontology artefacts, degrees of representation and ontological commitments of a diverse nature. In this paper, a selection of recent research in the area is categorized according to its purpose or application, highlighting the main commonalities. Then, an assessment of the current status of development in the area is provided, in an attempt to sketch a future roadmap for further research. The literature surveyed shows different levels of analysis, from the more conceptual to the more low-level, protocol-oriented, and also diverse levels of readiness for practice. Further, several of the works found use existing standardized, community-curated databases as sources for ontology population, which points to a need to use these as a baseline for future research, adding ontology-based functionalities for those capabilities not directly supported by them.

Author information

Corresponding author

Correspondence to Miguel-Angel Sicilia.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Sicilia, MA., García-Barriocanal, E., Bermejo-Higuera, J., Sánchez-Alonso, S. (2015). What are Information Security Ontologies Useful for?. In: Garoufallou, E., Hartley, R., Gaitanou, P. (eds) Metadata and Semantics Research. MTSR 2015. Communications in Computer and Information Science, vol 544. Springer, Cham. https://doi.org/10.1007/978-3-319-24129-6_5

  • DOI: https://doi.org/10.1007/978-3-319-24129-6_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24128-9

  • Online ISBN: 978-3-319-24129-6

  • eBook Packages: Computer Science (R0)
