Security Data Mining in an Ontology for Vulnerability Management

Information security is such a complex topic that the sheer scope and volume of available security data overwhelms security professionals and managers alike. This paper discusses the rationale of applying semantic technology to information security with a focus on software vulnerability management. With semantic technologies, we can describe the pattern of external threats and internal vulnerabilities formally and precisely. Based on this, we can make inference and make high-level decisions accordingly. We have constructed an ontology for security vulnerabilities, which defines the key concepts in vulnerability management and their relationships. We introduce the design and reasoning within the ontology with examples in vulnerability analysis and assessment. The result of this paper provides a promising pathway to making security automation successful through semantic technologies.