摘要: Vulnerability assessment is a vital part of the risk management process. The accuracy and reliability calculated depends on comprehensive correct system vulnerabilities. Current vulnerability techniques fail to consider systems in their entirety consequently are unable identify complex vulnerabilities (i.e. those that due configuration settings unique environments). Complex can exist for example when combination components present configured such way they be collectively misused compromise system. Ontologies have emerged as useful means modeling domains interest. This research shows taking an ontological approach results improved identification By ontologically domain assessment, resulting ontology instantiated with process instantiating doubles technique methodically discovering given system. Furthermore, it suggested will also able queried order discover additional by reasoning through implicit knowledge captured ontology.
springer.com
sci-hub.st 参考文章(15)
Thomas R. Peltier, Information Security Risk Analysis ,(2001)
Andreas Ekelhart, Stefan Fenz, Markus D. Klemen, Edgar R. Weippl, Security Ontology: Simulating Threats to Corporate Assets Information Systems Security. pp. 249- 259 ,(2006) , 10.1007/11961635_17
Kai Rannenberg, Simone Fischer Hübner, Stefan Lindskog, Louise Yngström, Security and Privacy in Dynamic Environments : Proceedings of the IFIP TC-11 21st International Information Security Conference (SEC 2006) Springer Scientific Publishers. ,(2006)
Charles P. Pfleeger, Security in Computing ,(1988)
Andrew Simmonds, Peter Sandilands, Louis van Ekert, An Ontology for Network Security Attacks Lecture Notes in Computer Science. pp. 317- 323 ,(2004) , 10.1007/978-3-540-30176-9_41
Nicola Guarino, Formal ontology, conceptual analysis and knowledge representation International Journal of Human-computer Studies \/ International Journal of Man-machine Studies. ,vol. 43, pp. 625- 640 ,(1995) , 10.1006/IJHC.1995.1066
Victor Raskin, Christian F. Hempelmann, Katrina E. Triezenberg, Sergei Nirenburg, Ontology in information security: a useful theoretical foundation and methodological tool new security paradigms workshop. pp. 53- 59 ,(2001) , 10.1145/508171.508180
B. Tsoumas, D. Gritzalis, Towards an Ontology-based Security Management advanced information networking and applications. ,vol. 1, pp. 985- 992 ,(2006) , 10.1109/AINA.2006.329
Anya Kim, Jim Luo, Myong Kang, Security Ontology for Annotating Resources Lecture Notes in Computer Science. pp. 1483- 1499 ,(2005) , 10.1007/11575801_34
Thomas R. Gruber, Toward principles for the design of ontologies used for knowledge sharing International Journal of Human-computer Studies \/ International Journal of Man-machine Studies. ,vol. 43, pp. 907- 928 ,(1995) , 10.1006/IJHC.1995.1081