Semantic model of attacks and vulnerabilities based on CAPEC and CWE dictionaries

This paper discusses the problem of extracting knowledge from public dictionaries of software attacks and vulnerabilities and using it to build semantic threat models. One possible purpose of such models is to serve as the core of a knowledge management system in the software security field. The reason for choosing the semantic approach (ontologies, reasoning) is the huge number of different data sources in this field and the difficulty of analysing them by hand. The proposed semantic model (an OWL ontology) is based on the attack pattern (CAPEC) and weakness (CWE) concepts and can "answer" questions (by means of DL and SPARQL queries) related to the grouping (classification) of security concepts according to given criteria. The implementation includes a free software module (Java, OWL API) that builds the OWL ontology from the CAPEC and CWE files in XML format. To illustrate the ideas, the Protégé ontology editor, the Pellet reasoner and the Snap SPARQL plugin are used.
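The pipeline the abstract describes (read the CAPEC and CWE XML, turn attack patterns and weaknesses into ontology individuals with their ChildOf and pattern-to-weakness links, then answer grouping questions with a reasoner and SPARQL) can be sketched in a few dozen lines. The block below is an added example, not the paper's Java/OWL API module: it uses only the Python standard library, keeps the ontology as a plain set of (subject, predicate, object) triples instead of OWL axioms, and replaces the reasoner with a hand-written transitive closure over ChildOf. The XML fragments are constructed and heavily abbreviated; their element and attribute names follow the public CAPEC 3.x and CWE XML schemas as I know them (an assumption to check against the xmlns of the catalogue actually downloaded), and the predicate names in the `sec:` namespace are my own.

```python
"""Toy CAPEC/CWE -> triple graph converter with two grouping queries (added example)."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Namespaces of the public CAPEC 3.x and CWE XML schemas (assumption; verify
# against the xmlns attribute of the files you actually download).
CAPEC_NS = {"c": "http://capec.mitre.org/capec-3"}
CWE_NS = {"w": "http://cwe.mitre.org/cwe-7"}

# Constructed, abbreviated catalogue fragments; real entries carry many more fields
# and relationships than shown here.
CAPEC_XML = """<Attack_Pattern_Catalog xmlns="http://capec.mitre.org/capec-3">
 <Attack_Patterns>
  <Attack_Pattern ID="152" Name="Inject Unexpected Items" Abstraction="Meta"/>
  <Attack_Pattern ID="248" Name="Command Injection" Abstraction="Standard">
   <Related_Attack_Patterns><Related_Attack_Pattern Nature="ChildOf" CAPEC_ID="152"/></Related_Attack_Patterns>
   <Related_Weaknesses><Related_Weakness CWE_ID="77"/></Related_Weaknesses>
  </Attack_Pattern>
  <Attack_Pattern ID="66" Name="SQL Injection" Abstraction="Standard">
   <Related_Attack_Patterns><Related_Attack_Pattern Nature="ChildOf" CAPEC_ID="248"/></Related_Attack_Patterns>
   <Related_Weaknesses><Related_Weakness CWE_ID="89"/></Related_Weaknesses>
  </Attack_Pattern>
  <Attack_Pattern ID="88" Name="OS Command Injection" Abstraction="Standard">
   <Related_Attack_Patterns><Related_Attack_Pattern Nature="ChildOf" CAPEC_ID="248"/></Related_Attack_Patterns>
   <Related_Weaknesses><Related_Weakness CWE_ID="78"/></Related_Weaknesses>
  </Attack_Pattern>
  <Attack_Pattern ID="100" Name="Overflow Buffers" Abstraction="Standard">
   <Related_Weaknesses><Related_Weakness CWE_ID="120"/></Related_Weaknesses>
  </Attack_Pattern>
 </Attack_Patterns>
</Attack_Pattern_Catalog>"""

CWE_XML = """<Weakness_Catalog xmlns="http://cwe.mitre.org/cwe-7">
 <Weaknesses>
  <Weakness ID="74" Name="Injection" Abstraction="Class"/>
  <Weakness ID="77" Name="Command Injection" Abstraction="Class">
   <Related_Weaknesses><Related_Weakness Nature="ChildOf" CWE_ID="74" View_ID="1000"/></Related_Weaknesses>
  </Weakness>
  <Weakness ID="78" Name="OS Command Injection" Abstraction="Base">
   <Related_Weaknesses><Related_Weakness Nature="ChildOf" CWE_ID="77" View_ID="1000"/></Related_Weaknesses>
  </Weakness>
  <Weakness ID="943" Name="Special Elements in Data Query Logic" Abstraction="Class">
   <Related_Weaknesses><Related_Weakness Nature="ChildOf" CWE_ID="74" View_ID="1000"/></Related_Weaknesses>
  </Weakness>
  <Weakness ID="89" Name="SQL Injection" Abstraction="Base">
   <Related_Weaknesses><Related_Weakness Nature="ChildOf" CWE_ID="943" View_ID="1000"/></Related_Weaknesses>
  </Weakness>
  <Weakness ID="119" Name="Improper Restriction of Operations within a Memory Buffer" Abstraction="Class"/>
  <Weakness ID="120" Name="Classic Buffer Overflow" Abstraction="Base">
   <Related_Weaknesses><Related_Weakness Nature="ChildOf" CWE_ID="119" View_ID="1000"/></Related_Weaknesses>
  </Weakness>
 </Weaknesses>
</Weakness_Catalog>"""


def build_graph(capec_xml, cwe_xml):
    """Translate both catalogues into (subject, predicate, object) triples.
    Each entry becomes an individual with a type, label, abstraction level,
    its ChildOf links and (for CAPEC) its links to the weaknesses it exploits."""
    g = set()
    for ap in ET.fromstring(capec_xml).findall(".//c:Attack_Pattern", CAPEC_NS):
        s = f"capec:{ap.get('ID')}"
        g.update({(s, "rdf:type", "sec:AttackPattern"), (s, "rdfs:label", ap.get("Name")),
                  (s, "sec:abstraction", ap.get("Abstraction"))})
        for rel in ap.findall(".//c:Related_Attack_Pattern", CAPEC_NS):
            if rel.get("Nature") == "ChildOf":
                g.add((s, "sec:childOf", f"capec:{rel.get('CAPEC_ID')}"))
        for rw in ap.findall(".//c:Related_Weakness", CAPEC_NS):
            g.add((s, "sec:exploitsWeakness", f"cwe:{rw.get('CWE_ID')}"))
    for w in ET.fromstring(cwe_xml).findall(".//w:Weakness", CWE_NS):
        s = f"cwe:{w.get('ID')}"
        g.update({(s, "rdf:type", "sec:Weakness"), (s, "rdfs:label", w.get("Name")),
                  (s, "sec:abstraction", w.get("Abstraction"))})
        for rel in w.findall(".//w:Related_Weakness", CWE_NS):
            if rel.get("Nature") == "ChildOf":
                g.add((s, "sec:childOf", f"cwe:{rel.get('CWE_ID')}"))
    return g


def objects(g, s, p):
    """All objects o such that (s, p, o) is in the graph."""
    return {o for (s2, p2, o) in g if s2 == s and p2 == p}


def ancestors(g, node):
    """Transitive closure of sec:childOf: what a DL reasoner materialises as the
    class hierarchy when ChildOf is modelled as subclassing."""
    seen, stack = set(), [node]
    while stack:
        for parent in objects(g, stack.pop(), "sec:childOf"):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen


def patterns_exploiting(g, cwe_root):
    """Grouping question: which attack patterns exploit cwe_root or any weakness
    beneath it? In SPARQL terms:
      SELECT ?ap WHERE { ?ap sec:exploitsWeakness ?w . ?w sec:childOf* <cwe_root> }"""
    return {s for (s, p, o) in g
            if p == "sec:exploitsWeakness" and (o == cwe_root or cwe_root in ancestors(g, o))}


def group_patterns_by_weakness_class(g):
    """Classify every attack pattern under each Class-level CWE it exploits,
    directly or through the CWE ChildOf hierarchy (a cross-dictionary criterion)."""
    groups = defaultdict(set)
    for (ap, p, w) in g:
        if p == "sec:exploitsWeakness":
            for cand in {w} | ancestors(g, w):
                if "Class" in objects(g, cand, "sec:abstraction"):
                    groups[cand].add(ap)
    return dict(groups)


if __name__ == "__main__":
    graph = build_graph(CAPEC_XML, CWE_XML)
    print("patterns under CWE-74:", sorted(patterns_exploiting(graph, "cwe:74")))
    for cls, aps in sorted(group_patterns_by_weakness_class(graph).items()):
        print(cls, objects(graph, cls, "rdfs:label"), sorted(aps))
```

The two query functions are the "grouping according to given criteria" from the abstract: `patterns_exploiting` answers a fixed membership question, while `group_patterns_by_weakness_class` classifies the whole CAPEC set by a property taken from the other dictionary (the CWE abstraction level). With a real OWL ontology the same closure comes for free from the reasoner, and the queries become SPARQL property paths instead of Python loops; the triple shape above is what the OWL API export would have to produce for those queries to work.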
