On 7/12/13 11:46 AM, Olivier Berger wrote:
Has anyone met a good reference for Linked Open Data about security vulnerabilities like CVEs [0], NVDs and likes?
Our lab has been working on a system that extracts security-related information from text and from the NVD databases and represents it in RDF as linked data. We have a recent paper whose final version will be available in another week. We will put a preprint on our Web site then. Arnav Joshi, Ravendar Lal, Tim Finin and Anupam, Extracting cybersecurity related linked data from text, Seventh IEEE Int. Conf. on Semantic Computing, September 2013. Abstract: The Web is often the first source of information to track software vulnerabilities, exploits and cyberattacks. An important source is information found in text from security bulletins, vulnerability databases, news reports, cybersecurity blogs and Internet chat rooms. However these texts are extensive and mostly unstructured. We describe an end-to-end framework, that extracts concepts related to security information from unstructured text, maps them to an OWL ontology that models relations between security concepts and vulnerabilities, and generates an RDF linked data resource using best practices from the linked open data. The information extraction component filters relevant information from text, using the vocabulary. The extracted terms are then mapped to related concepts from DBpedia and a custom ontology for cybersecurity related concepts. This builds on earlier work described in these papers: M. Lisa Mathews, Paul Halvorsen, Anupam Joshi and Tim Finin, A Collaborative Approach to Situational Awareness for CyberSecurity, 8th IEEE Int. Conf. on Collaborative Computing: Networking, Applications and Worksharing, Pittsburgh PA, 14-17 Oct 2012. http://ebiq.org/p/604 Sumit More, Mary Mathews, Anupam Joshi and Tim Finin, A Knowledge-Based Approach To Intrusion Detection Modeling, Proc IEEE Workshop on Semantic Computing and Security, pp. 75-81, IEEE Computer Society, May 2012. http://ebiq.org/p/586 Varish Mulwad, Wenjia Li, Anupam Joshi, Tim Finin, and Krishnamurthy Viswanathan, Extracting Information about Security Vulnerabilities from Web Text, Proc. Web Intelligence for Information Security Workshop, August 2011, Lyon, France, IEEE Computer Society Press. http://ebiq.org/p/540 You might also look at a technical report from UTD: Khadilkar, V., J. Rachapalli, and B. Thuraisingham. "Semantic web implementation scheme for national vulnerability database." Univ. of Texas at Dallas, Tech. Rep. UTDCS-01-10 (2010). http://utdallas.edu/~vvk072000/Research/NIST-NVD/TechReport.pdf -- Tim Finin, Computer Science & Electrical Eng., U. of Maryland, Baltimore County, 1000 Hilltop Circle, Baltimore MD 21250. http://umbc.edu/~finin/ [email protected] skype:timFinin o:4104553522 fax:4104553969 mob:4104993522
