Cybersecurity Ontologies: A Systematic Literature Review


  • William Fernando Borja Rivadeneira Pontificia Universidad Católica del Ecuador Sede Ambato
  • Omar Salvador Gómez Gómez GrIISoft Research Group, Escuela Superior Politécnica de, Chimborazo Riobamba, Ecuador


Palabras clave:

Systematic Literature Review, Ontology, Cyber-security, Cybersecurity Ontologies, ICT


Cybersecurity is a young discipline that has gained relevance in our modern society. This research reports the findings of a systematic review of the literature on ontologies in the field of cybersecurity. From an initial set of 214 papers on the subject, 50 relevant papers were selected for this SLR. With these documents we answered research questions related to the domains in which ontologies are reported, the methodologies, tools and languages used, and the verification and validation mechanisms reported. As results, we observed that the largest number of ontologies are classified in the domains of infrastructure and networking, software and human factor. Regarding the papers that report the use of a methodology for developing the ontologies (12%), Methontology is the commonly used one. Protégé, in conjunction with the OWL language, are the preferred tools for ontology development. Regarding verification and validation (V&V) mechanisms, we observe that more than half (62%) report the application of V&V mechanisms to their ontologies.

Biografía del autor/a

William Fernando Borja Rivadeneira, Pontificia Universidad Católica del Ecuador Sede Ambato

Estudiante de Maestría


Alani, H. and Brewster, C. (2006). Metrics for ranking ontologies.

Albalushi, A., Khan, R., McLaughlin, K. and Sezer, S. (2018). Ontology-based approach for

malicious behaviour detection in synchrophasor networks. IEEE Power and Energy

Society General Meeting, 1-5.

Alqahtani, S. S. and Rilling, J. (2017). An Ontology-Based Approach to Automate Tagging of

Software Artifacts. International Symposium on Empirical Software Engineering and

Measurement, 169174.

Arpírez, J., Corcho, O., Fernandez, M. and Gómez, A. (2003). WebODE in a nutshell. AI


Baesso Moreira, G., Menditi Calegario, V., Duarte, J. C. and Pereira, Dos Santos, A. F. (2019).

Extending the VERIS Framework to an Incident Handling Ontology. 2018

IEEE/WIC/ACM International Conference on Web Intelligence, 8609628, 440-445.

Bataityte, K., Vassilev, V. and Gill, O.J. (2020). Ontological foundations of modelling security

policies for logical analytics. IFIP Advances in Information and Communication

Technology, 583, 368380.

Bergner, S. and Lechner, U. (2017). Cybersecurity ontology for critical infrastructures. 9th

International Joint Conference on Knowledge Discovery, Knowledge Engineering and

Knowledge Management, 2, 80-85.

Bernaras, A., Laresgoiti, I. and Corera, J. (1996). Building and reusing ontologies for electrical

network applications. Wahlster W (ed) European Conference on Artificial Intelligence

(ECAI’96), 298– 302.

Boley, H., Tabet, S. and Wagner, G. (2001). Design Rationale of RuleML: A Markup Language

for Semantic Web Rules. In the first Semantic Web Working Symposium.

Brewster, C., Alani, H., Dasmahapatra, S. and Wilks, Y. (2004). Data driven ontology evaluation.

Burita, L. (2019). Model of a Vocabulary. Frontiers in Artificial Intelligence and Applications, 321,

Chukkapalli, S. S. L., Piplai, A., Mittal, S., Gupta, M. and Joshi, A. (2020). A Smart-Farming

Ontology for Attribute Based Access Control. 2020 IEEE 6th Intl Conference on Big Data

Security on Cloud, BigDataSecurity 2020, 2020 IEEE Intl Conference on High

Performance and Smart Computing, HPSC 2020 and 2020 IEEE Intl Conference on

Intelligent Data and Security, 9123052, 29-34.

Chun, S.A. and Geller, J. (2015). Developing a pedagogical cybersecurity ontology.

Communications in Computer and Information Science, 178, 117-135.

Data and Knowledge Group. HermiT OWL Reasoner: The New Kid on the OWL Block.

Department of

Computer Science, University of Oxford,

Dean, M. and Schreiber, G. (2003). OWL Web Ontology Language


Doynikova, E., Fedorchenko, A. and Kotenko, I. (2019). Ontology of metrics for cyber security

assessment. ACM International Conference Proceeding Series, 3341496.

Duque, A. and Fernandez, J. (2011). OQuaRE: A SQuaRE-based Approach for Evaluating the

Quality of Ontologies. Journal of Research and Practice in Information Technology.

Elnagdy, S.A., Qiu, M. and Gai, K. (2016). Cyber Incident Classifications Using Ontology-Based

Knowledge Representation for Cybersecurity Insurance in Financial Industry. 3rd IEEE

International Conference on Cyber Security and Cloud Computing, CSCloud 2016 and

nd IEEE International Conference of Scalable and Smart Cloud, SSC 2016, 7545936,


Falk, C. (2016). An ontology for threat intelligence. European Conference on Information Warfare

and Security, ECCWS, 111-116.

Farquhar, A., Fikes, R. and Rice, J. (1997). The Ontolingua Server: A Tool for Collaborative

Ontology Construction. International Journal of Human Computer Studies, 46(6), 707–

Fernandez, M., Gomez, A. and Juristo, N. (1997). METHONTOLOGY: From Ontological Art

Towards Ontological Engineering. Spring Symposium on Ontological Engineering of

AAAI, 33-40.

Fernandez, M., Overbeeke, C., Sabou, M. and Motta, E. (2009). What makes a good ontology?

A casestudy in fine-grained knowledge reuse. The semantic web, Springer, 61-75.

Fontenele, M. and Sun, L. (2016). Knowledge management of cyber security expertise: An

ontological approach to talent discovery. 2016 International Conference on Cyber

Security and Protection of Digital Services, Cyber Security 2016, 7502356.

Gangemi, A., Guarino, N., Oltramari, A. and Borgo, S. (2002). Cleaning-up WordNet's Top- Level.

st International WordNet Conference.

Gasmi, H., Laval, J. and Bouras, A. (2019). Cold-start cybersecurity ontology population using

information extraction with LSTM. 2019 International Conference on Cyber Security for

Emerging Technologies, 8904905.

Gcaza, N., Von, Solms, R. and Van, Vuuren, J. (2015). An ontology for a national cyber-security

culture environment. 9th International Symposium on Human Aspects of Information

Security and Assurance, HAISA 2015, 1-10.

Geller, J., Ae Chun, S. and Wali, A. (2014). A hybrid approach to developing a cyber security

ontology. 3rd International Conference on Data Management Technologies and

Applications, 377-384.

Grüninger, M. and Fox, M. (1995). Methodology for the design and evaluation of ontologies.

Skuce D

(eds) IJCAI’95 Workshop on Basic Ontological Issues in Knowledge Sharing, 6.1-6.10.

Hartmann, J., Spyns, P., Giboin, A., Maynard, D., Cuel, R., Carmen, M. and Sure, Y. (2004).

Methods for ontology evaluation. Knowledge Web Deliverable D1.2.3, 1.

Hieb, J., Graham, J. and Guan, J. (2009). An ontology for identifying cyber intrusion induced faults

in process control systems. IFIP Advances in Information and Communication

Technology, 311, 125-138.

Horrocks, I. and van Harmelen F. (2001). Reference Description of the DAML+OIL (March 2001)

Ontology Markup Language.

Huang, H., Lee, C., Wang, M. and Kao, H. (2014). IT2FS-based ontology with soft-computing

mechanism for malware behavior analysis. Soft Computing, 18, 267-284.

Iannacone, M., Bohn, S., Nakamura, G., Gerth, J., Huffer, K., Bridges, R., Ferragut, E. and

Goodall, J. (2015). Developing an ontology for cyber security knowledge graphs. ACM

International Conference, 12.

Islam, C., Babar, M.A. and Nepal, S. (2019). An ontology-driven approach to automating the

process of integrating security software systems. 2019 IEEE/ACM International

Conference on Software and System Processes, 8812856, 54-63.

Karp, P., Chaudhri, V. and Thomere, J. (1999). XOL: An XML-Based Ontology Exchange


Katsantonis, M. and Mavridis, I. (2019). Ontology-Based Modelling for Cyber Security E-Learning

and Training. Computer Science, 11841, 15-27.

KBSI (1994). The IDEF5 Ontology Description Capture Method Overview. KBSI Report.

Kitchenham, B. (2004). Procedures for Performing Systematic Reviews. Software Engineering

Group Department of Computer Science.

Laskey, K. B., Chandekar, S. and Paris, B. (2015). A probabilistic ontology for large-scale IP

geolocation. CEUR Workshop, 1523, 18-25.

Lenat, D. and Guha, R. (1990). Building Large Knowledge-based Systems: Representation and

Inference in the Cyc Project. Addison-Wesley

Lozano, A. and Gómez, A. (2004). ONTOMETRIC: A Method to Choose the Appropriate

Ontology. Journal of Database Management. Special Issue on Ontological analysis,

Evaluation and Engineering of Business Systems Analysis Methods, 15.

Luke, S. and Heflin, J. (2000). SHOE 1.01. Proposed Specification. Technical Report. Parallel

Understanding Systems Group.

Maathuis, C., Pieters, W. and Van, Den, Berg, J. (2018). A computational ontology for cyber


European Conference on Information Warfare and Security, ECCWS, 278-287.

Maines, C. L., Llewellyn Jones, D., Tang, S. and Zhou, B. (2015). A cyber security ontology for

BPMNsecurity extensions. 15th IEEE International Conference on Computer and

Information Technology, CIT 2015, 14th IEEE International Conference on Ubiquitous

Computing and Communications, IUCC 2015, 13th IEEE International Conference on

Dependable, Autonomic and Secure Computing, DASC 2015 and 13th IEEE

International Conference on Pervasive Intelligence and Computing, PICom 2015,

, 1756-1763.

Mozzaquatro, B.A., Agostinho, C., Goncalves, D., Martins, J. and Jardim-Goncalves, R. (2018).

An ontology-based cybersecurity framework for the internet of things. Sensors, 18(3053).

Neches, R., Fikes, R. E., Finin T., Gruber, T. R., Senator, T. and Swartout, W. R. (1991). Enabling

technology for knowledge sharing. AI Magazine, 12(3), 36-56.

Niyazova, R., Aktayeva, Al. and Davletkireeva, L. (2019). An Ontology based Model for User

Profile building using Social Network. ACM International Conference Proceeding Series,

Noy, N. F. and McGuinness, D. L. (2001). Ontology development 101: A guide to creating your

first ontology. Stanford knowledge systems laboratory technical report KSL-01-05 and

Stanford medical informatics technical report.

Noy, N., Fergerson, R. and Musen, M. (2000). The knowledge model of Protege-2000: Combining

interoperability and flexibility. Springer-Verlag, 17–32.

Obrst, L., Chase, P. and Markeloff, R. (2014). Developing an ontology of the cyber security

domain. CEUR Workshop, 966, 49-56.

Ochoa, O., Steinmann, J. and Lischuk, Y. (2018). Towards eliciting and analyzing security

requirements using ontologies through use case scenarios (work-in-progress). 2018 4th

International Conference on Software Security and Assurance, ICSSA 2018, 9092285,


Oltramari, A., Cranor, L. F., Walls, R. J. and McDaniel, P. (2014). Building an ontology of cyber

security. CEUR Workshop, 1304, 54-61.

Oltramari, A., Cranor, L. F., Walls, R. J. and McDaniel, P. (2015). Computational ontology of

network operations. IEEE Military Communications Conference MILCOM, 7357462, 318-

Oltramari, A., Henshel, D., Cains, M. and Hoffman, B. (2015). Towards a human factors ontology

for cyber security. CEUR Workshop, 1523, 26-33.

Onwubiko, C. (2018). CoCoa: An ontology for cybersecurity operations centre analysis process.

International Conference on Cyber Situational Awareness, Data Analytics and

Assessment, CyberSA 2018, 8551486.

Petrenko, S. A. and Makoveichuk, K. A. (2017). Ontology of cyber security of self-recovering

smart Grid. CEUR Workshop, 2081, 98-106.

Poveda, M., Suárez M. C. and Gómez, A. (2015). Did You Validate Your Ontology? OOPS!.

ESWC 2012 Satellite Events, 402–407.

Raad, J. and Cruz, C. (2015). A Survey on Ontology Evaluation Methods. Proceedings of the

International Conference on Knowledge Engineering and Ontology Development, part of the

th International Joint Conference on Knowledge Discovery, Knowledge Engineering and

Knowledge Management.

Razzaq, A., Anwar, Z., Ahmad, H. F., Latif, K. and Munir, F. (2014). Ontology for attack detection:

An intelligent approach to web application security. Computers and Security, 45, 124-

Salem, M. B. and Wacek, C. (2015). Enabling new technologies for cyber security defense with

the ICAS cyber security ontology. CEUR Workshop, 1523, 42-49.

Scarpato, N., Cilia, N.D. and Romano, M. (2019). Reachability Matrix Ontology: A Cybersecurity

Ontology. Applied Artificial Intelligence, 33, 643-655.

Shaaban, A. M., Schmittner, C. and Gruber, T. (2019). Tackling the challenges of IoT security

testing using ontologies. IDIMT 2019: Innovation and Transformation in a Digital World -

th Interdisciplinary Information Management Talks, 411-418.

Simmonds, A., Sandilands, P. and Van Ekert, L. (2004). An ontology for network security attacks.

Computer Science, 3285, 317-323.

Singer, P. W. and Friedman, A. (2014). Cybersecurity and Cyberwar What Everyone Needs to

Know. Oxford University Press

Spyns, P., Pretorius, A. and Reinberger, M. (2004). Evaluating DOGMA-lexons generated

automatically from a text corpus. Proceedings of the EKAW 2004 Workshop on Language

and Semantic Technologies to support Knowledge Management Processes, 38 – 44.

Staab, S., Schnurr, H., Studer, R. and Sure, Y. (2001). Knowledge Processes and Ontologies.

IEEE Intelligent Systems, 16(1), 26–34.

Sure, Y., Erdmann, M., Angele, J., Staab, S., Studer, R. and Wenke, D. (2002). OntoEdit:

Collaborative Ontology Engineering for the Semantic Web. Springer- Verlag, 221–235.

Swartout, B., Ramesh, P., Knight, K. and Russ, T. (1997). Toward Distributed Use of Large- Scale

Ontologies. Spring Symposium on Ontological Engineering, 138–148.

Syed, R. (2020). Cybersecurity vulnerability management: A conceptual ontology and cyber

intelligence alert system. Information and Management, 57 (103334).

Syed, Z., Pädia, A., Finin, T., Mathews, L. and Joshi, A. (2016). UCO: A Unified Cybersecurity

Ontology. AAAI Workshop - Technical Report, 195-202.

Takahashi, T. and Kadobayashi, Y. (2011). 3-5 Cybersecurity information exchange techniques:

Cybersecurity information ontology and CYBEX. Journal of the National Institute of

Information and Communications Technology, 58, 127-135.

Takahashi, T. and Kadobayashi, Y. (2014). Reference Ontology for Cybersecurity Operational

Information. Computer Journal, 58, 2297-2312.

Takahashi, T., Kadobayashi, Y. and Fujiwara, H. (2010). Ontological approach toward

cybersecurity in cloud computing. 3rd International Conference of Security of Information

and Networks, 100109.

Thakur, K. and Pathan, A. (2014). Cybersecurity Fundamentals. CRC Press

Tseng, S., Lin, S., Mao, C., Lee, T., Qiu, G. and Lin, M. (2017). An ontology guiding assessment

framework for hacking competition. 10th International Conference on Ubi-Media

Computing and Workshops with the 4th International Workshop on Advanced E-Learning

and the 1st International Workshop on Multimedia and IoT: Networks, Systems and

Applications, 8074131.

Ulanov, A., Shevlyakov, G., Lyubomishchenko, N., Mehra, P. and Polutin, V. (2010). Monte Carlo

Study of Taxonomy Evaluation. In Database and Expert Systems Applications (DEXA),


Uschold, M. and King, M. (1995). Towards a Methodology for Building Ontologies. Skuce D (eds)

IJCAI’95 Workshop on Basic Ontological Issues in Knowledge Sharing, 6.1-6.10.

Van Vuuren, J. J., Leenen, L. and Zaaiman, J. (2014). Using an ontology as a model for the

implementation of the national cybersecurity policy framework for South Africa. 9th

International Conference on Cyber Warfare and Security 2014, ICCWS 2014, 107-115.

Vega Barbas, M., Villagrá, V. A., Monje, F., Riesco, R., Larriva Novo, X. and Berrocal, J. (2019).

Ontology-based system for dynamic risk management in administrative domains.

Wali, A., Chun, S. A. and Geller, J. (2013). A bootstrapping approach for developing a cybersecurity ontology using textbook index terms. 2013 International Conference on

Availability, Reliability and Security, ARES 2013, 6657291, 569-576.

Welty, C., Mahindru, R. and Chu-Carroll, J. (2003). Evaluating ontological analysis. Semantic

Integration Workshop, 92.

Zamfira, A., Fat, R. and Cenan, C. (2019). Applying semantic web technologies to discover an

ontology of computer attacks. Scalable Computing, 20, 699-707.

Zamfira, A. C. and Ciocarlie H. (2018). Developing an ontology of cyber-operations in networks

of computers. 2018 IEEE 14th International Conference on Intelligent Computer

Communication and Processing, ICCP 2018, 8516644, 395-400.

Zhao, Y., Lang, B. and Liu, M. (2018). Ontology-based unified model for heterogeneous threat

intelligence integration and sharing. International Conference on Anti-Counterfeiting,

Security and Identification, ASID, 11-15.

Zheng, H., Wang, Y., Han, C., Le, F., He, R. and Lu, J. (2018). Learning and Applying Ontology

for Machine Learning in Cyber Attack Detection. 17th IEEE International Conference on


Security and Privacy in Computing and Communications and 12th IEEE International

Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018, 8456049,




Cómo citar

Borja Rivadeneira, W. F., & Gómez Gómez, O. S. (2021). Cybersecurity Ontologies: A Systematic Literature Review. ReCIBE, Revista electrónica De Computación, Informática, Biomédica Y Electrónica, 9(2), C2–18.



Computación e Informática