A framework for conceptual characterization of ontologies and its application in the cybersecurity domain | Software and Systems Modeling Skip to main content
Springer Nature Link
Log in

A framework for conceptual characterization of ontologies and its application in the cybersecurity domain

  • Special Section Paper
  • Published:
Software and Systems Modeling Aims and scope Submit manuscript

Abstract

Organizations are actively seeking efficient solutions for the management and protection of their assets. However, Cybersecurity is a vast and complex domain, especially for large enterprises because it requires an interdisciplinary approach. Knowledge Graphs are one of the mechanisms that organizations use to explore security among assets and possible attacks. The grounding of concepts is fundamental to implementing Knowledge Graphs, and it is one of the most relevant ontology applications. Therefore, Cybersecurity Ontologies have emerged as an important research subject. The first contribution of this paper is a search for previously existing works that have defined Cybersecurity Ontologies. We found twenty-eight ontologies in this search. Based on this result, we propose a Cybersecurity Terminological Validation and a Framework for Classifying Ontologies. Then, we provide a cross-analysis of these two proposals and present a proposal of best practices for improving the ontological approach in the cybersecurity domain. We also discuss the impact of this proposal with regard to the Ontology Engineering process. Our goal is to provide a solution that meets the organization’s needs in terms of Cybersecurity and to contribute to Ontology Engineering research.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (Japan)

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

Notes

  1. Semantic efficiency regarding the notions proposed in [38].

  2. Search string accessed on June 2020: (ALL = “ontologies classification” OR “ontology classification”).

  3. http://www.w3.org/TR/rdf-mt/.

  4. https://www.w3.org/TR/owl2-syntax/.

  5. ABox statements represent instances of associated concepts at the knowledge base.

  6. http://www.daml.org/.

  7. TBox statements describe the domain by defining its concepts and relations.

  8. Search chain: \((TITLE = \) “Cybersecurity Ontology”\()\,\, or (\)“Cybersecurity Ontologies”) when it is not possible to filter by title.

  9. http://oval.mitre.org/documents/docs-03/intro/intro.html.

  10. https://github.com/Chadni-Islam/Security-Ontology/blob/master/Ontology.jpeg.

  11. https://cwe.mitre.org/.

  12. https://cve.mitre.org/.

  13. https://capec.mitre.org/.

  14. https://www.first.org/cvss/specification-document.

  15. https://sepses.ifs.tuwien.ac.at/.

  16. https://protege.stanford.edu/.

  17. https://www.w3.org/Submission/SWRL/.

  18. ISO/IEC 27032 promotes procedures to establish and maintain security in cyberspace in the dimensions of Confidentiality, Availability, and Integrity (the CIA Triad).

  19. ISO/IEC 27000 documents the general terminology used in the cybersecurity domain.

  20. Note the vocabulary extension can be repeated as many times as necessary to achieve common sense among stakeholders.

  21. Our research is part of a project to develop KGs (TKG and DTKGs) through a comprehensive solution within a project with Accenture LTD. The consortium also has research in partnership with other academic research centers.

  22. https://administracionelectronica.gob.es/pae_Home/pae_Documentacion/pae_Metodolog/pae_Magerit.html.

  23. http://www.iso.org/iso/home.htm.

  24. http://www.iec.ch/.

  25. http://www.itu.int/ITU-T/.

  26. http://csrc.nist.gov/.

  27. https://www.nerc.com/.

  28. http://www.oasis-open.org/.

  29. http://www.exteriores.gob.es.

  30. https://www.incibe.es/en.

  31. https://www.mitre.org/.

  32. http://www.isaca.org/Template.

  33. https://www.enisa.europa.eu/.

  34. Aspects in an ontological sense (essential properties).

  35. https://www.oxfordlearnersdictionaries.com/definition/english/pattern_1.

  36. \(RISK \sqsupseteq ABST\_QUALITY \sqcap \forall \textit{ isQualityOf}.MISSION\_TASK\).

  37. \(RISK\_ASSESSMENT \sqsupseteq ACTION \sqcap \exists \textit{ hasParticipant}.RISK\).

  38. Here we are considering the ontological notion of Event as a Perdurant from DOLCE [11].

  39. The stereotype for UFO intrinsic moments for the OntoUML [34] language.

  40. The stereotype for UFO relational moments for the OntoUML [34] language.

  41. OntoUML specification at https://ontouml.readthedocs.io/en/latest/ and https://github.com/OntoUML.

References

  1. Agrawal, V.: Towards the ontology of ISO/IEC 27005:2011 risk management standard. In: HAISA (2016)

  2. Almeida, J.P.A., Guizzardi, G.: An ontological analysis of the notion of community in the RM-ODP enterprise language. Comput. Stand. Interfaces 35(3), 257–268 (2013)

    Article  Google Scholar 

  3. Almeida, J.P.A, Guizzardi, G., Sales, T.P., Falbo, R.A.: gUFO: A Lightweight Implementation of the Unified Foundational Ontology (UFO). Technical Repot Version 1, Federal University of Espirito Santo (2019). https://nemo-ufes.github.io/gufo/

  4. Babiceanu, R.F., Seker, R.: Cybersecurity and resilience modelling for software-defined networks-based manufacturing applications. Stud. Comput. Intell. 694, 167–176 (2017). https://doi.org/10.1007/978-3-319-51100-9_15

    Article  Google Scholar 

  5. Ben-Asher, N., Oltramari, A., Erbacher, R.F., Gonzalez, C.: Ontology-based adaptive systems of cyber defense. In: STIDS, pp. 34–41 (2015)

  6. Benevides, A.B., Guizzardi, G.: A model-based tool for conceptual modeling and domain ontology engineering in OntoUML. In: Enterprise Information Systems, pp. 528–538 (2009)

  7. Bergner, S., Lechner, U.: Cybersecurity ontology for critical infrastructures. In: KEOD, pp. 80–85 (2017)

  8. Bizer, C., Heath, T., Berners-Lee, T.: Linked data: the story so far. In: Semantic Services, Interoperability and Web Applications: Emerging Concepts, pp. 205–227. IGI Global (2011)

  9. Blanco, C., Lasheras, J., Valencia-García, R., Fernández-Medina, E., Toval, A., Piattini, M.: A systematic review and comparison of security ontologies. In: 3th International Conference on Availability, Reliability and Security, pp. 813–820. IEEE (2008)

  10. Booth, H., Turner, C.: Vulnerability description ontology (VDO). In: A Framework for Characterizing Vulnerabilities NIST (2016)

  11. Borgo, S., Masolo, C.: Ontological Foundations of DOLCE, pp. 279–295. Springer, Dordrecht (2010)

    Google Scholar 

  12. Borst, W.N.: Construction of Engineering Ontologies for Knowledge Sharing and Reuse. CTIT, Centre for Telematics and Information Technology, New Delhi (1997)

    Google Scholar 

  13. de Almeida Falbo, R.: Sabio: systematic approach for building ontologies. In: Guizzardi, G., Pastor, O., Wand, Y., de Cesare, S., Gailly, F., Lycett, M., Partridge, C. (eds.) Proceedings of the 1st Joint Workshop ONTO.COM/ODISE on Ontologies in Conceptual Modeling and Information Systems Engineering, C EUR-WS.org, CEUR Workshop Proceedings, vol. 1301 (2014)

  14. Degen, W., Heller, B., Herre, H., Smith, B.: Gol: toward an axiomatized upper-level ontology. In: Proceedings of the International Conference on Formal Ontology in Information Systems, vol. 2001, pp. 34–46 (2001)

  15. Duarte, B.B., Souza VES, de Castro Leal AL, de Almeida Falbo, R., Guizzardi, G., Guizzardi, R.S.: Towards an ontology of requirements at runtime. In: FOIS, pp. 255–268 (2016)

  16. Duarte, B.B., Falbo, R.A., Guizzardi, G., Guizzardi, R.S., Souza, V.E.: Towards an ontology of software defects, errors and failures. In: International Conference on Conceptual Modeling, pp. 349–362. Springer (2018)

  17. Elnagdy, S.A., Qiu, M., Gai, K.: Cyber incident classifications using ontology-based knowledge representation for cybersecurity insurance in financial industry. In: 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud), pp. 301–306. IEEE (2016)

  18. Falbo, R., Bertollo, G.: A software process ontology as a common vocabulary about software processes. Int. J. Bus. Process. Integr. Manag. 4, 239–250 (2009)

    Article  Google Scholar 

  19. Fensel, D.: Ontologies. In: Ontologies, pp. 11–18. Springer (2001)

  20. Fernández-López, M., Gómez-Pérez, A., Juristo, N.: Methontology: from ontological art towards ontological engineering. In: Proceedings of the Ontological Engineering AAAI-97 Spring Symposium Series. American Association for Artificial Intelligence (1997)

  21. Gailly, F., Geerts, G., Poels, G.: Ontological reengineering of the REA-EO using UFO. In: International Workshop on Ontology-Driven Software Engineering (2009)

  22. Gamma, E.: Design Patterns: Elements of Reusable Object-Oriented Software. Pearson Education India, New York (1995)

    Google Scholar 

  23. Gasmi, H., Laval, J., Bouras, A.: Cold-start cybersecurity ontology population using information extraction with LSTM. In: 2019 International Conference on Cyber Security for Emerging Technologies (CSET), pp. 1–6 (2019). https://doi.org/10.1109/CSET.2019.8904905

  24. Giaretta, P., Guarino, N.: Ontologies and knowledge bases towards a terminological clarification. In: Towards Very Large Knowledge Bases: knowledge Building & Knowledge Sharing, vol. 25, p. 32 (1995)

  25. Giunchiglia, F., Zaihrayeu, I.: Lightweight Ontologies. Technical report, University of Trento (2007)

  26. Gómez-Pérez, A., Corcho, O.: Ontology languages for the semantic web. IEEE Intell. Syst. 17(1), 54–60 (2002)

    Article  Google Scholar 

  27. Gomez-Perez, A., Fernández-López, M., Corcho, O.: Ontological Engineering: With Examples from the Areas of Knowledge Management. Springer, E-Commerce and the Semantic Web (2004)

  28. Grégio, A., Bonacin, R., Nabuco, O., Afonso, V.M., De Geus, P.L., Jino, M.: Ontology for malware behavior: a core model proposal. In: 2014 IEEE 23rd International WETICE Conference, pp. 453–458. IEEE (2014)

  29. Gruber, T.R., et al.: A translation approach to portable ontology specifications. Knowl. Acquis. 5(2), 199–220 (1993)

    Article  Google Scholar 

  30. Guarino, N.: The ontological level. Philos. Cogn. Sci. (1994)

  31. Guarino, N.: Formal ontology in information systems. In: Proceedings of the 1st International Conference, pp. 6–8. IOS Press, Trento, Italy (1998)

  32. Guarino, N.: The ontological level: revisiting 30 years of knowledge representation. In: Conceptual Modeling: Foundations and Applications, pp. 52–67 (2009)

  33. Guarino, N., Poli, R.: The role of formal ontology in the information technnology. Int. J. Hum. Comput. Stud. 43(5–6), 623–965 (1995)

    Article  Google Scholar 

  34. Guizzardi, G.: Ontological Foundations for Structural Conceptual Models. CTIT, Centre for Telematics and Information Technology, New Delhi (2005)

    MATH  Google Scholar 

  35. Guizzardi, G.: The role of foundational ontology for conceptual modeling and domain ontology representation, keynote paper. In: 7th International Baltic Conference on Databases and Information Systems (DB &IS). IEEE Press, Vilnius (2006)

  36. Guizzardi, G.: On ontology, ontologies, conceptualizations, modeling languages, and (meta) models. Front. Artif. Intell. Appl. 155, 18 (2007)

    Google Scholar 

  37. Guizzardi, G.: Ontology-based evaluation and design of visual conceptual modeling languages. In: Domain Engineering, pp. 317–347. Springer (2013)

  38. Guizzardi, G.: Ontological patterns, anti-patterns and pattern languages for next-generation conceptual modeling. In: International Conference on Conceptual Modeling, pp. 13–27. Springer (2014)

  39. Guizzardi, G., Zamborlini, V.: Using a trope-based foundational ontology for bridging different areas of concern in ontology-driven conceptual modeling. Sci. Comput. Program. 96, 417–443 (2014)

    Article  Google Scholar 

  40. Guizzardi, G., Pires, L.F,, Van Sinderen, M.: An ontology-based approach for evaluating the domain appropriateness and comprehensibility appropriateness of modeling languages. In: MoDELS, pp. 691–705. Springer (2005)

  41. Hadar, E., Hassanzadeh, A.: Big data analytics on cyber attack graphs for prioritizing agile security requirements. In: 2019 IEEE 27th International Requirements Engineering Conference (RE), pp. 330–339. IEEE (2019)

  42. Hele-Mai, H., Tanel-Lauri, L.: A survey of concept-based information retrieval tools on the web. In: Proceedings of the 5th East-European Conference AD BIS, pp. 29–41 (2001)

  43. Herre, H.: General formal ontology (GFO): a foundational ontology for conceptual modelling. In: Theory and Applications of Ontology: Computer Applications. pp. 297–345. Springer (2010)

  44. Iannacone, M., Bohn, S., Nakamura, G., Gerth, J., Huffer, K., Bridges, R., Ferragut, E., Goodall, J.: Developing an ontology for cyber security knowledge graphs. In: Proceedings of the 10th Annual Cyber and Information Security Research Conference, CISR ’15, pp. 12:1–12:4. ACM, New York, NY, USA (2015)

  45. Islam, C., Babar, M.A., Nepal, S.: Automated Interpretation and Integration of Security Tools Using Semantic Knowledge. Springer, Berlin (2019). https://doi.org/10.1007/978-3-030-21290-2_32

    Book  Google Scholar 

  46. ISO Central Secretary: Information Technology—Security Techniques—Information Security Risk Management. Standard ISO/IEC 27005:2011, International Organization for Standardization, Geneva (2011)

  47. ISO Central Secretary: Information Technology—Security Techniques—Guidelines for Cybersecurity. Standard ISO/IEC 27032:2012, International Organization for Standardization, Geneva (2012)

  48. ISO Central Secretary: Information Technology—Security Techniques—Information Security Management Systems—Overview and Vocabulary. Standard ISO/IEC 27000:2018-02, International Organization for Standardization, Geneva (2018)

  49. ISO Central Secretary: Information Technology—Security Techniques—Information Security Risk Management. Standard ISO/IEC 27005:2018, International Organization for Standardization, Geneva (2018)

  50. Jacobsen, A., de Miranda, A.R., Juty, N.S., Batista, D., Coles, S.J., Cornet, R., Courtot, M., Crosas, M., Dumontier, M., Evelo, C.T.A., Goble, C.A., Guizzardi, G., Hansen, K.K., Hasnain, A., Hettne, K.M., Heringa, J., Hooft, R.W.W., Imming, M., Jeffery, K.G., Kaliyaperumal, R., Kersloot, M.G., Kirkpatrick, C.R., Kuhn, T., Labastida, I., Magagna, B., McQuilton, P., Meyers, N., Montesanti, A., van Reisen, M., Rocca-Serra, P., Pergl, R., Sansone, S., da Silva Santos, L.O.B., Schneider, J., Strawn, G.O., Thompson, M., Waagmeester, A., Weigel, T., Wilkinson, M.D., Willighagen, E.L., Wittenburg, P., Roos, M., Mons, B., Schultes, E.: FAIR principles: interpretations and implementation considerations. Data Intell. 2(1–2), 10–29 (2020). https://doi.org/10.1162/dint_r_00024

    Article  Google Scholar 

  51. Jia, Y., Qi, Y., Shang, H., Jiang, R., Li, A.: A practical approach to constructing a knowledge graph for cybersecurity. Engineering 4(1), 53–60 (2018)

    Article  Google Scholar 

  52. Jurisica, I., Mylopoulos, J., Yu, E,: Using ontologies for knowledge management: an information systems perspective. In: Proceedings of the Annual Meeting-American Society For Information Science, Information Today; 1998, vol. 36, pp. 482–496 (1999)

  53. Kang, D., Lee, J., Choi, S., Kim, K.: An ontology-based enterprise architecture. Expert Syst. Appl. 37(2), 1456–1464 (2010). https://doi.org/10.1016/j.eswa.2009.06.073

    Article  Google Scholar 

  54. Keil, J.M., Schindler, S.: Comparison and evaluation of ontologies for units of measurement. Semant. Web 10(1), 33–51 (2019)

    Article  Google Scholar 

  55. Kiesling, E., Ekelhart, A., Kurniawan, K., Ekaputra, F.: The SEPSES Knowledge Graph: An Integrated Resource for Cybersecurity, vol. 11779 LNCS. Springer (2019). https://doi.org/10.1007/978-3-030-30796-7_13

  56. Langer, L., Smith, P., Hutle, M.: Smart grid cybersecurity risk assessment. In: 2015 International Symposium on Smart Electric Distribution Systems and Technologies (EDST), pp. 475–482 (2015). https://doi.org/10.1109/SEDST.2015.7315255

  57. Lassila, O., McGuinness, D.: The role of frame-based representation on the semantic web. Linköping Electron. Artic. Comput. Inf. Sci. 6(5), 2001 (2001)

    Google Scholar 

  58. Li, K., Zhou, H., Tu, Z., Feng, B.: CSKB: A Cyber Security Knowledge Base Based on Knowledge Graph, vol. 1268 CCIS. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-9129-7_8

  59. Martins, B.F., Serrano, L., Reyes, J.F., Panach, J.I., Pastor, O., Rochwerger, B.: Conceptual characterization of cybersecurity ontologies. In: 13th IFIP WG 8.1 Working Conference on the Practice of Enterprise Modelling (PoEM 2020), pp. 323–338. Springer (2020)

  60. Martins, B.F., Serrano, L., Reyes, J.F., Panach, J.I., Pastor, O.: Towards the Consolidation of Cybersecurity Standardized Definitions. Technical Report Version 2, Universidad Politecnica de Valencia (2021). http://hdl.handle.net/10251/163895

  61. Martins, B.F., Serrano, L., Reyes, J.F., Panach, J.I., Pastor, O.: Towards the consolidation of cybersecurity standardized definitions: a tool for ontological analysis. In: Proceedings of the XXIV Iberoamerican Conference on Software Engineering, CIbSE 2021, pp. 1–14, San José, Costa Rica (2021)

  62. Mascardi, V., Cordì, V., Rosso, P.: A comparison of upper ontologies. In: WOA, vol. 2007, pp. 55–64 (2007)

  63. Masolo, C., Borgo, S., Gangemi, A., Guarino, N., Oltramari, A., Schneider, L.: The WonderWeb library of foundational ontologies: preliminary report. WonderWeb Deliverable D 17 (2002). https://www.bibsonomy.org/bibtex/2e13335234623f07ce0788f9d892e7169/berrueta

  64. Masolo, C., Borgo, S., Gangemi, A., Guarino, N., Oltramari, A.: Wonderweb deliverable d18 ontology library (final). ICT Project 33052, 31 (2003)

    Google Scholar 

  65. Mizoguchi, R., Ikeda, M.: Towards ontology engineering. J. Jpn. Soc. Artif. Intell. 13, 9–10 (1998)

    Google Scholar 

  66. Möller, D.P.F.: Cybersecurity Ontology, pp. 99–109. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-60570-4_7

    Book  Google Scholar 

  67. Mozzaquatro, B.A., Agostinho, C., Goncalves, D., Martins, J., Jardim-Goncalves, R.: An ontology-based cybersecurity framework for the internet of things. Sensors 18(9), 3053 (2018)

    Article  Google Scholar 

  68. Mundie, D.A., Ruefle, R., Dorofee, A.J., Perl, S.J., McCloud, J., Collins, M.: An incident management ontology. In: STIDS, pp. 62–71 (2014)

  69. Narayanan, S., Ganesan, A., Joshi, K., Oates, T., Joshi, A., Finin, T.: Cognitive techniques for early detection of cybersecurity events (2018). arXiv preprint arXiv:1808.00116

  70. Nurse, J.R.C., Creese, S., Goldsmith, M., Lamberts, K.: Trustworthy and effective communication of cybersecurity risks: a review. In: 2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST), pp. 60–68 (2011). https://doi.org/10.1109/STAST.2011.6059257

  71. Obrst, L., Chase, P., Markeloff, R.: Developing an ontology of the cyber security domain. In: STIDS, pp. 49–56 (2012)

  72. Oltramari, A., Kott, A.: Towards a reconceptualisation of cyber risk: an empirical and ontological study. J. Inf. Warf. 17(1), 49–73 (2018)

    Google Scholar 

  73. Oltramari, A., Vetere, G., Lenzerini, M., Gangemi, A., Guarino, N.: Senso comune. In: LREC (2010)

  74. Oltramari, A., Cranor, L.F., Walls, R.J., McDaniel, P.D.: Building an ontology of cyber security. In: STIDS, pp. 54–61. Citeseer (2014)

  75. Oltramari, A., Cranor, L.F., Walls, R.J., McDaniel, P.: Computational ontology of network operations. In: MILCOM 2015–2015 IEEE Military Communications Conference, pp. 318–323. IEEE (2015)

  76. Oltramari, A., Henshel, D.S., Cains, M., Hoffman, B.: Towards a human factors ontology for cyber security. In: STIDS, pp. 26–33 (2015)

  77. Onwubiko, C.: Cocoa: an ontology for cybersecurity operations centre analysis process. In: 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), pp. 1–8 (2018)

  78. Ou, X., Govindavajhala, S., Appel, A.W.: Mulval: a logic-based network security analyzer. In: USENIX Security Symposium, vol. 8, pp. 113–128, Baltimore (2005)

  79. Parmelee, M.C.: Toward an ontology architecture for cyber-security standards. STIDS 713, 116–123 (2010)

    Google Scholar 

  80. Peciña, K., Bilbao, A., Bilbao, E.: Physical and logical security risk analysis model. In: 2011 Carnahan Conference on Security Technology, pp. 1–7 (2011). https://doi.org/10.1109/CCST.2011.6095895

  81. Pipa, A.M.C.: Owl Ontology Quality Assessment and Optimization in the Cybersecurity Domain. Ph.D. thesis, Instituto Universitário de Lisboa (2018)

  82. Qin, S., Chow, K.P.: Automatic analysis and reasoning based on vulnerability knowledge graph. In: Ning, H. (ed.) Communications in Computer and Information Science, vol. 1137 CCIS, pp. 3–19. Springer Singapore, Singapore (2019). https://doi.org/10.1007/978-981-15-1922-2_1

  83. Sales, T.P., Guizzardi, G.: Ontological anti-patterns in taxonomic structures. In: ONTOBRAS (2019)

  84. Sales, T.P., Baião, F., Guizzardi, G., Almeida, J.P.A., Guarino, N., Mylopoulos, J.: The common ontology of value and risk. In: International Conference on Conceptual Modeling, pp. 121–135. Springer (2018)

  85. Scarpato, N., Cilia, N.D., Romano, M.: Reachability matrix ontology: a cybersecurity ontology. Appl. Artif. Intell. 33(7), 643–655 (2019)

    Article  Google Scholar 

  86. Schumacher, M.: 6. Toward a security core ontology. In: Security Engineering with Patterns, pp. 87–96. Springer (2003)

  87. Serrano, L., Martins, B.F., Serrano, J.F., Panach, J.I., Pastor, O.: Una encuesta acerca de la Definición de Conceptos de Ciberseguridad. Technical Report Version 1, Universidad Politecnica de Valencia (2021). https://riunet.upv.es/handle/10251/174756

  88. Sikos, L.F.: OWL Ontologies in Cybersecurity: Conceptual Modeling of Cyber-Knowledge, pp. 1–17. Springer, Cham (2019)

  89. Simperl, E., Bürger, T., Hangl, S., Wörgl, S., Popov, I.: Ontocom: a reliable cost estimation method for ontology development projects. J. Web Semant. 16, 1–16 (2012)

    Article  Google Scholar 

  90. Singhal, A., Ou, X.: Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs, pp. 53–73. Springer, Berlin (2017)

  91. Souag, A., Salinesi, C., Comyn-Wattiau, I.: Ontologies for security requirements: a literature survey and classification. In: International Conference on Advanced Information Systems Engineering, pp. 61–69. Springer (2012)

  92. Studer, R., Benjamins, V.R., Fensel, D.: Knowledge engineering: principles and methods. Data Knowl. Eng. 25(1–2), 161–197 (1998)

    Article  Google Scholar 

  93. Syed, R.: Cybersecurity Vulnerability Management: A Conceptual Ontology and Cyber Intelligence Alert System 57(6), 10334. (2020). https://doi.org/10.1016/j.im.2020.103334

  94. Syed, R., Zhong, H.: Cybersecurity Vulnerability Management: An Ontology-Based Conceptual Model (2018). https://aisel.aisnet.org/amcis2018/Semantics/Presentations/6

  95. Syed, Z., Padia, A., Finin, T., Mathews, L., Joshi, A.: UCO: a unified cybersecurity ontology. In: Workshops at the Thirtieth AAAI Conference on Artificial Intelligence (2016)

  96. Takahashi, T., Kadobayashi, Y.: Cybersecurity information exchange techniques: cybersecurity information ontology and cybex. J. Natl. Inst. Inf. Commun. Technol. 58(3/4) (2011)

  97. Takahashi, T., Kadobayashi, Y.: Reference ontology for cybersecurity operational information. Comput. J. 58(10), 2297–2312 (2015)

  98. Takahashi, T., Fujiwara, H., Kadobayashi, Y.: Building ontology of cybersecurity operational information. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information intelligence Research, pp. 1–4 (2010)

  99. Takahashi, T., Kadobayashi, Y., Fujiwara, H.: Ontological approach toward cybersecurity in cloud computing. In: Proceedings of the 3rd International Conference on Security of Information and Networks, pp. 100–109 (2010)

  100. Tissir, N., El Kafhali, S., Aboutabit, N.: Cybersecurity management in cloud computing: semantic literature review and conceptual framework proposal. J. Reliab. Intell. Environ. (2020). https://doi.org/10.1007/s40860-020-00115-0

    Article  Google Scholar 

  101. Undercofer, J., Joshi, A., Finin, T., Pinkston, J., et al.: A target-centric ontology for intrusion detection. In: Workshop on Ontologies in Distributed Systems, held at the 18th International Joint Conference on Artificial Intelligence (2003)

  102. Uschold, M., Gruninger, M.: Ontologies and semantics for seamless connectivity. ACM SIGMod Rec. 33(4), 58–64 (2004)

    Article  Google Scholar 

  103. Uschold, M., Gruninger, M., et al.: Ontologies: Principles, Methods and Applications. Technical Report, University of Edinburgh Artificial Intelligence Applications Institute AIAI TR (1996)

  104. Van Heijst, G., Schreiber, A.T., Wielinga, B.J.: Using explicit ontologies in kbs development. Int. J. Hum. Comput. Stud. 46(2–3), 183–292 (1997). https://doi.org/10.1006/ijhc.1996.0090

  105. Wand, Y., Weber, R.: On the deep structure of information systems. Inf. Syst. J. 5(3), 203–223 (1995)

    Article  Google Scholar 

  106. Wang, J.A., Guo, M.: Ovm: an ontology for vulnerability management. In: 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, pp. 1–4 (2009)

  107. Wang, J.Z., Ali, F.: An efficient ontology comparison tool for semantic web applications. In: The 2005 IEEE/WIC/ACM International Conference on Web Intelligence (WI’05), pp. 372–378. IEEE (2005)

  108. Wieringa, R.: Design Science Methodology for Information Systems and Software Engineering. Springer, Berlin (2014)

    Book  Google Scholar 

  109. Zuanelli, E.: The cybersecurity ontology platform: the POC solution. In: e-AGE2017, p. 1 (2017)

Download references

Acknowledgements

This work has been developed with the financial support of the Accenture LTD (Accenture Labs, Tel Aviv, Israel) and Spanish State Research Agency under the projects “Digital Knowledge Graph - Adaptable Analytics API” and MICIN/AEI/10.13039/501100011033 and co-financed with ERDF and the European Union NextGenerationEU/PRTR.

Author information

Authors and Affiliations

  1. Valencian Research Institute for Artificial Intelligence (VRAIN), Universitat Politècnica de València, Camino de Vera s/n, 46022, Valencia, Spain

    Beatriz Franco Martins, Lenin Javier Serrano Gil, José Fabián Reyes Román & Oscar Pastor

  2. Ingeniería de Sistemas e Informática, Universidad Pontificia Bolivariana, Km 7 via Bucaramanga, Piedecuesta, Santander, Colombia

    Lenin Javier Serrano Gil

  3. Escola Tècnica Superior d’Enginyeria, Universitat de València, Avinguda de l’Universitat, 46100, Burjassot, Valencia, Spain

    José Ignacio Panach

  4. Accenture Israel Cyber R &D Lab, Tel Aviv, Israel

    Moshe Hadad & Benny Rochwerger

Authors
  1. Beatriz Franco Martins
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Lenin Javier Serrano Gil
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. José Fabián Reyes Román
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. José Ignacio Panach
    View author publications

    You can also search for this author inPubMed Google Scholar

  5. Oscar Pastor
    View author publications

    You can also search for this author inPubMed Google Scholar

  6. Moshe Hadad
    View author publications

    You can also search for this author inPubMed Google Scholar

  7. Benny Rochwerger
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding authors

Correspondence to Beatriz Franco Martins or Oscar Pastor.

Additional information

Communicated by Dominik Bork and Janis Grabis.

In Memoriam and in honor of the first author’s beloved father Engr. Hélio Brandão Martins M.D., who passed away during the research and publication of this work.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Martins, B.F., Serrano Gil, L.J., Reyes Román, J.F. et al. A framework for conceptual characterization of ontologies and its application in the cybersecurity domain. Softw Syst Model 21, 1437–1464 (2022). https://doi.org/10.1007/s10270-022-01013-0

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10270-022-01013-0

Keywords