Semantic model of attacks and vulnerabilities based on CAPEC and CWE dictionaries

Andrei Brazhuk

Abstract


This paper discusses the problem of extracting knowledge from public directories of software attacks and vulnerabilities and using it to build semantic threat models. One possible purpose of such models is to serve as the core of a knowledge management system in the software security field. The semantic approach (ontologies, reasoning) is motivated by the huge number of different data sources in this field and the difficulty of analysing them by hand. The proposed semantic model (an OWL ontology) is based on the attack pattern (CAPEC) and weakness (CWE) concepts, and can “answer” questions (through DL and SPARQL queries) related to grouping (classifying) security concepts according to given criteria. The implementation includes a free software module (Java, OWL API) that can derive the OWL ontology from the CAPEC and CWE files in XML format. To illustrate these ideas, the Protege ontology editor, the Pellet reasoner, and the SNAP SPARQL plugin are used.





ISSN: 2307-8162