Cybersecurity Ontologies: A Systematic Literature Review
DOI:
https://doi.org/10.32870/recibe.v9i2.181
Keywords:
Systematic Literature Review, Ontology, Cyber-security, Cybersecurity Ontologies, ICT
Abstract
Cybersecurity is a young discipline that has gained relevance in modern society. This research reports the findings of a systematic literature review (SLR) of ontologies in the field of cybersecurity. From an initial set of 214 papers on the subject, 50 relevant papers were selected for this SLR. With these documents we answered research questions about the domains in which ontologies are reported, the methodologies, tools and languages used, and the verification and validation mechanisms reported. We observed that the largest number of ontologies fall in the domains of infrastructure and networking, software, and the human factor. Among the papers that report using a methodology to develop their ontologies (12%), Methontology is the one commonly used. Protégé, in conjunction with the OWL language, is the preferred choice for ontology development. Regarding verification and validation (V&V) mechanisms, we observe that more than half (62%) report applying V&V mechanisms to their ontologies.