Title :
Security Data Mining in an Ontology for Vulnerability Management
Author :
Wang, Ju An ; Guo, Minzhe
Author_Institution :
Sch. of Comput. & Software Eng., Southern Polytech. State Univ., Marietta, GA, USA
Abstract :
Information security is such a complex topic that the sheer scope and volume of available security data overwhelms security professionals and managers alike. This paper discusses the rationale of applying semantic technology to information security with a focus on software vulnerability management. With semantic technologies, we can describe the pattern of external threats and internal vulnerabilities formally and precisely. Based on this, we can make inference and make high-level decisions accordingly. We have constructed an ontology for security vulnerabilities, which defines the key concepts in vulnerability management and their relationships. We introduce the design and reasoning within the ontology with examples in vulnerability analysis and assessment. The result of this paper provides a promising pathway to making security automation successful through semantic technologies.
Keywords :
data mining; decision making; inference mechanisms; ontologies (artificial intelligence); security of data; high-level decision making; inference mechanism; information security automation; ontology reasoning; security data mining; semantic technology; software vulnerability management; Biology computing; Conference management; Data mining; Data security; Engineering management; Information security; Ontologies; Risk management; Software engineering; Technology management; Information security; Measurement; Ontology; Semantic technology; Software vulnerabilities;
Conference_Titel :
Bioinformatics, Systems Biology and Intelligent Computing, 2009. IJCBS '09. International Joint Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3739-9
DOI :
10.1109/IJCBS.2009.13
