Semantic model of attacks and vulnerabilities based on CAPEC and CWE dictionaries

Andrei Brazhuk

Resumen

This paper discusses the problem of extracting and using knowledge of public directories of software attacks and vulnerabilities to build semantic threat models. The possible purpose of such models is using as a core of a knowledge management system in the software security field. The reason of using the semantic approach (ontologies, reasoning) is a huge number of different data sources in this field and difficulties to analyse them by hand. The proposed semantic model (OWL ontology) is based on the attack pattern (CAPEC) and weakness (CWE) concepts, and can ?answer? the questions (by the DL and SPARQL queries), related to grouping (classification) of security concepts according given criteria. The implementation includes free software module (Java, OWL API), able to obtain the OWL ontology from the CAPEC and CWE files in the XML format. To illustrate given ideas, the Protege ontology editor, Pellet reasoner, and SNAP SPARQL plugin are used.

Acceso

P�GINAS

pp. 38 - 41

N�MERO

Volumen: 7 N�mero: 3 Parte: 0 (2019)

MATERIAS

INGENIER�A Y CONSTRUCCI�N CIVIL
TECNOLOG�A

REVISTAS SIMILARES

Acta Scientiarum: Technology
Inteligencia Artificial
Information

Art�culos similares

Research on Chinese Nested Entity Recognition Based on IDCNNLR and GlobalPointer

Acceso

Weijun Li, Jintong Liu, Yuxiao Gao, Xinyong Zhang and Jianlai Gu

The task of named entity recognition (NER) is to identify entities in the text and predict their categories. In real-life scenarios, the context of the text is often complex, and there may exist nested entities within an entity. This kind of entity is ca... ver m�s

Revista: Applied System Innovation

Leveraging Semantic Text Analysis to Improve the Performance of Transformer-Based Relation Extraction

Acceso

Marie-Therese Charlotte Evans, Majid Latifi, Mominul Ahsan and Julfikar Haider

Keyword extraction from Knowledge Bases underpins the definition of relevancy in Digital Library search systems. However, it is the pertinent task of Joint Relation Extraction, which populates the Knowledge Bases from which results are retrieved. Recent ... ver m�s

Revista: Information

Research on Efficient Feature Generation and Spatial Aggregation for Remote Sensing Semantic Segmentation

Acceso

Ruoyang Li, Shuping Xiong, Yinchao Che, Lei Shi, Xinming Ma and Lei Xi

Semantic segmentation algorithms leveraging deep convolutional neural networks often encounter challenges due to their extensive parameters, high computational complexity, and slow execution. To address these issues, we introduce a semantic segmentation ... ver m�s

Revista: Algorithms

Implementing Cognitive Semantics of Autoepistemic Membership Statements: The Case of Categories with Prototypes

Acceso

Radoslaw Piotr Katarzyniak, Grzegorz Popek and Marcin Zurawski

This article presents a model of an architecture of an artificial cognitive agent that performs the function of generating autoepistemic membership statements used to communicate beliefs about the belonging of an observed external object to a category wi... ver m�s

Revista: Applied Sciences

A Tolerance Specification Automatic Design Method for Screening Geometric Tolerance Types

Acceso

Guanghao Liu, Meifa Huang and Wenbo Su

At present, the automatic generation of tolerance types based on rule-based reasoning has an obvious characteristic: for the same assembly feature, tolerance items are recommended that satisfy all feature characteristics, with a large number of recommend... ver m�s

Revista: Applied Sciences

Revistas destacadas

Acceso directo a los n�meros publicados en la revista Infrastructures

Infrastructures

Acceso directo a los n�meros publicados en la revista Informed Infraestructure

Informed Infraestructure

Acceso directo a los n�meros publicados en la revista BiT

Acceso directo a los n�meros publicados en la revista Revista de la Construcci�n

Revista de la Construcci�n

Ver todas las revistas disponibles