Security data mining in an ontology for vulnerability management

Proceedings - 2009 International Joint Conference on Bioinformatics, Systems Biology and Intelligent Computing, IJCBS 2009

Volumn , Issue , 2009, Pages 597-603

  Wang, Ju An ^a   Guo, Minzhe ^a  

^a SOUTHERN POLYTECHNIC STATE UNIVERSITY   (United States)

Author keywords

Information security; Measurement; Ontology; Semantic technology; Software vulnerabilities

Indexed keywords

INFORMATION SECURITY; INFORMATION-SECURITY MEASUREMENT; ONTOLOGY SEMANTICS; SECURITY DATA MINING; SECURITY PROFESSIONALS; SECURITY VULNERABILITIES; SEMANTIC TECHNOLOGIES; SOFTWARE VULNERABILITIES; VULNERABILITY ANALYSIS; VULNERABILITY MANAGEMENT;

BIOINFORMATICS; BIOLOGY; COMPUTER SOFTWARE; INTELLIGENT COMPUTING; NETWORK SECURITY; SEMANTIC WEB; SEMANTICS; TECHNOLOGY;

ONTOLOGY;

EID: 70450167629     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IJCBS.2009.13     Document Type: Conference Paper

References (55)

1. V, "Near-Term Prospects for Semantic Technologies," IEEE Intelligent Systems, January/February 2008, pp. 76-88.
2. 2 Guide to the CISSP CBK, Auerbach Publication, ISBN: 0-8493-8231-9, 2007.
3. MITRE, Making Security Measurable, http://measurablesecurity.mitre.org/.
4. NHS and NIST, National Vulnerability Database, automating vulnerability management, security measurement, and compliance checking, http://nvd.nist.gov/ scap.cfm.
5. th Annual Hawaii International Conference on System Sciences (HICSS'07), 2007.
6. 2008 Semantic Technology Conference, May 18-22, 2008, San Jose, California, http://www.semantic-conference.com/.
7. Semantic Discovery, http://www.semantichacker.com. September 20, 2008.
8. Semantic Journal, http://www.sandoval.ca:8080/SemanticWebJournal/ SemanticWebJournal.html. September 20, 2008.
9. ISAP, Information Security Automation Program, Automating Vulnerability Management, Security Measurement, and Compliance, Version 1.0 Beta, revised on 5/22/2007.
10. Mell P. and Quinn S, "Automating Compliance Checking, Vulnerability Management, and Security Measurement," 2007 Information Assurance Workshop (IAWS) Presentation, 2007.
11. Computing Research Association (CRA), CRA Conference on "Grand Research Challenges" in Computer Science and Engineering, June 23-26, 2002, Airlie House, Warrenton, Virginia. http://www.cra.org/Activities/grand. challenges/.
12. st Hawaii International Conference on System Sciences, 2008.
13. Blanco C. et al., "A Systematic Review and Comparison of Security Ontologies," in Proceedings of The Third International Conference on Availability, Reliability and Security, 2008.
14. Associated Press, FAA Outage Reveals Odd Computing Practices, MIT Technology Review, August 29, 2008.
15. NIST, Security Content Automation Protocol, Version 1.0 Beta, revised on May 22, 2007.
16. NIST, Information Security Automation Program, Automating Vulnerability Management, Security Measurement, and Compliance, Version 1.0 Beta, revised on May 22, 2007.
17. Babbin J. et al., Security Log Management, Identifying Patterns in the Chaos, Syngress Publishing, Inc. 2006.
18. Peter Mell, Karen Scarfone, and Sasha Romanosky, A Complete Guide to the Common Vulnerability Scoring System (CVSS), Version 2.0, Forum of Incident Response and Security Teams, http://www.first.org/cvss/cvss-guide.html (July 2007).
19. J. A. Wang, M. Xia, and F. Zhang, "Metrics for Information Security Vulnerabilities, Journal of Applied Global Research, Volume 1, No. 1, 2008, pp. 48-58.
20. rd ACM Southeast Conference, Volume 2, pp. 178-184. ISBN: 1-59593-059-0. March 2005, Kennesaw, GA.
21. J.A.Wang, Fengwei Zhang and Min Xia, "Temporal Metrics for Software Vulnerabilities," in Proceedings of CSIIRW'08, May 12-14, 2008, Oak Ridge, TN, USA.
22. Oracle Corporation, The Critical Patch Update, http://www.oracle.com/ technology/deploy/security/critical-patch-updates/cpuoct2006.html
23. CISCO Security Advisory: Application Inspection Vulnerability in CISCO Firewall Services Module, http://www.cisco.com/en/US/products/products-security- advisory09186a008091b11d.shtml.
24. The MITRE Corporation, Common Vulnerabilities and Exposures, http://cve.mitre.org
25. Carlos Blanco et al., A Systematic Review and Comparison of Security Ontologies. The Third International Conference on Availability, Reliability and Security, 2008.
26. J. Undercoffer, A. Joshi and J. Pinkston. Modeling Computer Attacks: An ontology for Intrusion Detection. In the sixth International Symposium on Recent Advances in Intrusion Detection. 2003.
27. th Annual Hawaii International Conference on System Science (HICSS'07), 2007.
28. T. Gruber. Towards Principles for the Design of Ontologies used for Knowledge Sharing. International Journal of Human-Computer Studies, 1995. 43(5/6): 907-928.
29. G. Denker, L. Kagal, and T. Finin. Security in the Semantic Web using OWL. Security in the Semantic Web using OWL. Information Security Technical Report, 2005. 10(1): p. 51-58.
30. A. Vorobiev and J. Han. Security Attack Ontology for Web Services. Proceedings of the Second International Conference on Semantics, Knowledge, and Grid SKG '06. IEEE Computer Society, 2006: p.42.
31. Sea-Won Lee et al. Building Problem Domain Ontology from Security Requirements in Regulatory Documents. In Proceedings of the 2006 International Workshop on Software Engineering for Secure Systems, 2006. ACM Press: Shanghai, China.
32. th International Conference on Ontologies, Databases, and Applications of Semantics (ODBASE'05). 2005.
33. th Pacific Rim International Symposium on Dependable Computing PRDC'06. IEEE Computer Society, 2006: p.289-290.
34. Geneiatakis D et al., An ontology description for SIP security flaws.
35. Franz Baader et al. Description Logic Handbook: Theory, Implementation and Application. Cambridge University Press, 2003.
36. C. Landwehr, A. Bull, J. McDermott, and W.Choi. A Taxonomy of Computer Program Security Flaws. Computing Surveys, 1994, 26(3): pp. 211-254.
37. E. G. Amoroso. Fundamentals of Computer Security Technology. Prentice-Hall PTR, 1994.
38. A. Gomez-Perez et al. Ontological Engineering, 1st ed. London: Springer, 2004.
39. Fernando Naufel do Amaral et al., An Ontology-based Approach to the Formalization of Information Security Policies. Proceedings of the 10th IEEE on International Enterprise Distributed Object Computing Conference Workshops EDOCW '06. IEEE Computer Society, 2006.
40. Tsoumas, B. and D. Gritzalis, Towards an Ontologybased Security Management. Proceedings of the 20th International Conference on Advanced Information Networking and Applications. IEEE Computer Society, 2006. Volume 1 (AINA'06) - Volume 01 AINA '06.
41. Mouratidis, H., P. Giorgini, and G. Manson, An Ontology for Modelling Security: The Tropos Approach, in Knowledge-Based Intelligent Information and Engineering Systems. 2003, Springer Berlin/Heidelberg. p. 1387-1394.
42. Formal Threat Description for Enhancing Governmental Risk Analysis.
43. Integration of an ontological information security concept in risk-aware business process management.
44. Denker, G., et al., Security for DAML Web Services: Annotation and Matchmaking, in The SemanticWeb-ISWC 2003. 2003, Springer Berlin/Heidelberg. p. 335-350.
45. Jie Bao, Giora Slutzki and Vasant Honavar. Privacy-Preserving Reasoning on the Semantic Web.
46. A. Fuxman, P. Giorgini, M. Kolp, J. Mylopoulos. Information Systems as Social Structures. In Proceedings of the Second International Conference on Formal Ontologies for Information Systems (FOIS-2001), USA, 2001.
47. E. Yu. Modeling Strategies Relationships for Process Reengineering. PhD Thesis, Department of Computer Science, University of Torento, Canada, 1995.
48. A. Avizienis, J. -C. Laprie, B. Randell, and C. E. Landwehr. Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Trans. Dependable Sec. Comput. Vol. 1, No. !. pp. 11-33, 2004.
49. Steve Christey, Conor Harris, Bill Heinbockel. Introduction to Vulnerability Theory. http://cwe.mitre.org/documents/vulnerability-theory/intro. html.
50. N. F. Noy and D. L. McGuinness. Ontology Development 101: Guide to Creating Your First Ontology. Standford Knowledge Systems Laboratory Technical Report KSL-01-05.
51. Web-Ontology (WebOnto) working Group. http://www.w3.org/2001/sw/WebOnt/, November, 2008.
52. Protégé. http://protege.stanford.edu/, November, 2008
53. SWRL: A Semantic Web Rule L Combining OWL and ber, 2008. anguage RuleML. http://www.w3.org/Submission/SWRL/, November, 2008.
54. Pellet: The Open Source OWL DL Reasoner. http://clarkparsia.com/pellet/.
55. Jess, the rule engine for the java platform. http://herzberg.ca.sandia. gov/.