Semantic model of attacks and vulnerabilities based on CAPEC and CWE dictionaries

Andrei Brazhuk

Resumen

This paper discusses the problem of extracting and using knowledge of public directories of software attacks and vulnerabilities to build semantic threat models. The possible purpose of such models is using as a core of a knowledge management system in the software security field. The reason of using the semantic approach (ontologies, reasoning) is a huge number of different data sources in this field and difficulties to analyse them by hand. The proposed semantic model (OWL ontology) is based on the attack pattern (CAPEC) and weakness (CWE) concepts, and can ?answer? the questions (by the DL and SPARQL queries), related to grouping (classification) of security concepts according given criteria. The implementation includes free software module (Java, OWL API), able to obtain the OWL ontology from the CAPEC and CWE files in the XML format. To illustrate given ideas, the Protege ontology editor, Pellet reasoner, and SNAP SPARQL plugin are used.

Acceso

PÁGINAS

pp. 38 - 41

NÚMERO

Volumen: 7 Número: 3 Parte: 0 (2019)

MATERIAS

INGENIERÍA Y CONSTRUCCIÓN CIVIL
TECNOLOGÍA

REVISTAS SIMILARES

Inteligencia Artificial
Acta Scientiarum: Technology
Information

Artículos similares

A Study on the Emotional Tendency of Aquatic Product Quality and Safety Texts Based on Emotional Dictionaries and Deep Learning

Acceso

Xingxing Tong, Ming Chen and Guofu Feng

The issue of aquatic product quality and safety has gradually become a focal point of societal concern. Analyzing textual comments from people about aquatic products aids in promptly understanding the current sentiment landscape regarding the quality and... ver más

Revista: Applied Sciences

Research on Efficient Feature Generation and Spatial Aggregation for Remote Sensing Semantic Segmentation

Acceso

Ruoyang Li, Shuping Xiong, Yinchao Che, Lei Shi, Xinming Ma and Lei Xi

Semantic segmentation algorithms leveraging deep convolutional neural networks often encounter challenges due to their extensive parameters, high computational complexity, and slow execution. To address these issues, we introduce a semantic segmentation ... ver más

Revista: Algorithms

Leveraging Semantic Text Analysis to Improve the Performance of Transformer-Based Relation Extraction

Acceso

Marie-Therese Charlotte Evans, Majid Latifi, Mominul Ahsan and Julfikar Haider

Keyword extraction from Knowledge Bases underpins the definition of relevancy in Digital Library search systems. However, it is the pertinent task of Joint Relation Extraction, which populates the Knowledge Bases from which results are retrieved. Recent ... ver más

Revista: Information

Performance of 4 Pre-Trained Sentence Transformer Models in the Semantic Query of a Systematic Review Dataset on Peri-Implantitis

Acceso

Carlo Galli, Nikolaos Donos and Elena Calciolari

Systematic reviews are cumbersome yet essential to the epistemic process of medical science. Finding significant reports, however, is a daunting task because the sheer volume of published literature makes the manual screening of databases time-consuming.... ver más

Revista: Information

Implementing Cognitive Semantics of Autoepistemic Membership Statements: The Case of Categories with Prototypes

Acceso

Radoslaw Piotr Katarzyniak, Grzegorz Popek and Marcin Zurawski

This article presents a model of an architecture of an artificial cognitive agent that performs the function of generating autoepistemic membership statements used to communicate beliefs about the belonging of an observed external object to a category wi... ver más

Revista: Applied Sciences

Revistas destacadas

Acceso directo a los números publicados en la revista Infrastructures

Infrastructures

Acceso directo a los números publicados en la revista Informed Infraestructure

Informed Infraestructure

Acceso directo a los números publicados en la revista BiT

Acceso directo a los números publicados en la revista Revista de la Construcción

Revista de la Construcción

Ver todas las revistas