Web of cybersecurity: Linking, locating, and discovering structured cybersecurity information

Cybersecurity is one of the main concerns of many organizations today, and timely access to cybersecurity information is crucial to maintaining it. Various repositories of cybersecurity‐related information are publicly available on the Internet. However, users are unaware of many of them, and it is impractical for users to keep track of all of them. Cybersecurity information stored in these repositories must be locatable and accessible by the parties who need it. To address this issue, this paper proposes a mechanism for linking, locating, and discovering various cybersecurity information to improve its timely accessibility. This mechanism allows us to locate cybersecurity information with different schemata by generating metadata with which a list of cybersecurity information is managed. The information structure incorporated in this mechanism is unique, and it makes our mechanism flexible and extensible. The structure consists of categories and formats that are linked to each other. The mechanism can propagate information updates to minimize the risk of obsolete information. This paper also introduces a prototype of the mechanism to demonstrate its feasibility, and it analyzes the mechanism's extensibility, scalability, and information credibility. Through this study, we aim to improve the accessibility of cybersecurity information on the Internet and facilitate information sharing beyond organizational borders, with the eventual goal of creating a web of cybersecurity.
