
The SEPSES Knowledge Graph: An Integrated Resource for Cybersecurity

Conference paper, in: The Semantic Web – ISWC 2019 (ISWC 2019)

Abstract

This paper introduces an evolving cybersecurity knowledge graph that integrates and links critical information on real-world vulnerabilities, weaknesses and attack patterns from various publicly available sources. Cybersecurity constitutes a particularly interesting domain for the development of a domain-specific public knowledge graph, particularly due to its highly dynamic landscape characterized by time-critical, dispersed, and heterogeneous information. To build and continually maintain a knowledge graph, we provide and describe an integrated set of resources, including vocabularies derived from well-established standards in the cybersecurity domain, an ETL workflow that updates the knowledge graph as new information becomes available, and a set of services that provide integrated access through multiple interfaces. The resulting semantic resource offers comprehensive and integrated up-to-date instance information to security researchers and professionals alike. Furthermore, it can be easily linked to locally available information, as we demonstrate by means of two use cases in the context of vulnerability assessment and intrusion detection.


Notes

  1. https://www.mitre.org.
  2. https://nist.gov.
  3. Available at https://w3id.org/sepses/cyber-kg.
  4. Semantic Processing of Security Event Streams is an ongoing research project.
  5. 36,594,388 triples as of July 2, 2019.
  6. https://sepses.ifs.tuwien.ac.at.
  7. https://www.mitre.org.
  8. For a review of standards for the exchange of security information, cf. [1].
  9. https://cve.mitre.org.
  10. https://capec.mitre.org.
  11. https://cwe.mitre.org.
  12. https://cpe.mitre.org.
  13. https://www.first.org/cvss/.
  14. https://github.com/stucco.
  15. https://oasis-open.github.io/cti-documentation/.
  16. https://attack.mitre.org.
  17. https://github.com/Ebiquity/Unified-Cybersecurity-Ontology.
  18. https://github.com/daedafusion/cyber-ontology.
  19. Most commonly as XML or JSON files.
  20. The figure omits detailed concepts for the sake of clarity. The complete vocabularies can be found at https://github.com/sepses/vocab.
  21. https://www.first.org/cvss/specification-document.
  22. cf. https://nvd.nist.gov/vuln/data-feeds.
  23. https://github.com/carml/carml.
  24. https://jena.apache.org.
  25. In some cases, this reduced processing time from approximately an hour to less than a minute.
  26. https://w3id.org/sepses.
  27. e.g., https://w3id.org/sepses/resource/cve/CVE-2014-0160.
  28. https://w3id.org/sepses/sparql.
  29. https://ldf-server.sepses.ifs.tuwien.ac.at.
  30. https://w3id.org/sepses/dumps/.
  31. https://github.com/sepses/cyber-kg-converter.
  32. https://opensource.org/licenses/MIT.
  33. The original raw data are published by MITRE with a no-charge copyright license and by NVD without copyright.
  34. Prefixes identical to Listing 1.
  35. e.g., https://w3id.org/sepses/resource/cve/CVE-2016-1646.
  36. https://www.snort.org.
  37. https://www.snort.org/downloads.
  38. https://w3id.org/sepses/vocab/rule/snort.
  39. https://maccdc.org/2012-agenda/, source: https://www.secrepo.com.
  40. https://w3id.org/sepses/vocab/log/snort-alert.
  41. Prefixes from Listing 1 are reused.

References

  1. Dandurand, L., et al.: Standards and tools for exchange and processing of actionable information. European Union Agency for Network and Information Security, Luxembourg (2015)
  2. Ekelhart, A., Fenz, S., Neubauer, T.: AURUM: a framework for information security risk management. In: Proceedings of the 42nd Hawaii International Conference on System Sciences (2009). https://doi.org/10.1109/HICSS.2009.82
  3. Fenz, S., Ekelhart, A.: Formalizing information security knowledge. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security (2009). https://doi.org/10.1145/1533057.1533084
  4. Guo, M., Wang, J.: An ontology-based approach to model common vulnerabilities and exposures in information security. In: ASEE Southeastern Section Annual Conference (2009)
  5. Iannacone, M., et al.: Developing an ontology for cyber security knowledge graphs (2015). https://doi.org/10.1145/2746266.2746278
  6. Kim, A., Luo, J., Kang, M.: Security ontology for annotating resources. In: Meersman, R., Tari, Z. (eds.) OTM 2005. LNCS, vol. 3761, pp. 1483–1499. Springer, Heidelberg (2005). https://doi.org/10.1007/11575801_34
  7. Martimiano, A., Moreira, E.S.: An OWL-based security incident ontology. In: Proceedings of the Eighth International Protégé Conference (2005)
  8. Obrst, L., Chase, P., Markeloff, R.: Developing an ontology of the cyber security domain. In: Proceedings of the 7th International Conference on Semantic Technologies for Intelligence, Defense, and Security (2012)
  9. Oltramari, A., Cranor, L., Walls, R., McDaniel, P.: Building an ontology of cyber security. In: Proceedings of the 9th Conference on Semantic Technology for Intelligence, Defense, and Security (2014)
  10. Raskin, V., Hempelmann, C., Triezenberg, K., Nirenburg, S.: Ontology in information security: a useful theoretical foundation and methodological tool. In: Proceedings of the 2001 Workshop on New Security Paradigms (2001). https://doi.org/10.1145/508171.508180
  11. Schumacher, M.: Toward a security core ontology. In: Security Engineering with Patterns. LNCS, vol. 2754, pp. 87–96. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45180-8_6
  12. Souag, A., Salinesi, C., Comyn-Wattiau, I.: Ontologies for security requirements: a literature survey and classification. In: Bajec, M., Eder, J. (eds.) CAiSE 2012. LNBIP, vol. 112, pp. 61–69. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31069-0_5
  13. Syed, Z., Padia, A., Mathews, M., Finin, T., Joshi, A.: UCO: a unified cybersecurity ontology. In: Proceedings of the AAAI Workshop on Artificial Intelligence for Cyber Security (2016)
  14. Ulicny, B., Moskal, J., Kokar, M., Abe, K., Smith, J.: Inference and ontologies (2014). https://doi.org/10.1007/978-3-319-11391-3_9
  15. Undercoffer, J., Joshi, A., Pinkston, J.: Modeling computer attacks: an ontology for intrusion detection. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 113–135. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45248-5_7
  16. Wang, J., Guo, M.: Security data mining in an ontology for vulnerability management. In: 2009 International Joint Conference on Bioinformatics, Systems Biology and Intelligent Computing (2009). https://doi.org/10.1109/IJCBS.2009.13
  17. Wang, J., Guo, M., Camargo, J.: An ontological approach to computer system security. Inf. Secur. J.: A Global Perspect. 19(2) (2010). https://doi.org/10.1080/19393550903404902

Acknowledgments

This work has been supported by netidee SCIENCE, the Austrian Science Fund (FWF) under grant P30437-N31, and the Christian Doppler Research Association. The competence center SBA Research (SBA-K1) is funded within the framework of COMET—Competence Centers for Excellent Technologies by BMVIT, BMDW, and the federal state of Vienna, managed by the FFG.

Author information

Corresponding author: Elmar Kiesling.

Rights and permissions

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.


Copyright information

© 2019 The Author(s)

About this paper


Cite this paper

Kiesling, E., Ekelhart, A., Kurniawan, K., Ekaputra, F. (2019). The SEPSES Knowledge Graph: An Integrated Resource for Cybersecurity. In: Ghidini, C., et al. (eds.) The Semantic Web – ISWC 2019. ISWC 2019. Lecture Notes in Computer Science, vol. 11779. Springer, Cham. https://doi.org/10.1007/978-3-030-30796-7_13

  • DOI: https://doi.org/10.1007/978-3-030-30796-7_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30795-0

  • Online ISBN: 978-3-030-30796-7

  • eBook Packages: Computer Science (R0)