International Journal of Open Information Technologies

This work discusses integration of the DBpedia dataset with NVD (National Vulnerability Database) in order to bring some practical results to knowledge management in the field of software security.

We have automatically mapped entities (software products and vendors), obtained from CPE (Common Platform Enumeration), with the corresponding elements of DBpedia, through the DBpedia Spotlight service. We have manually reviewed the annotation results and linked them into a semantic model. As NVD uses the CPE entities as a naming scheme for software products, the semantic model allows to identify NVD records, related to software products, mentioned in DBpedia; and can be used to extend DBpedia by vulnerabilities related data, and build advanced security models of software products. All the experimental models in the RDF format and Java-based software have freely been published by the GitHub service.

The mapping of NVD with DBpedia based on CPE and DBpedia Spotlight does not seem to be easy. The automatic annotation has suffered from getting general results, instead of specific ones. Also, there is an issue with possibility to choose the most general term in a given sequence. And the last challenge relates to possible incompleteness and inconsistency of the Linked Open Data. It needs to improve annotation techniques in order to involve fully automatic process there.

Färber M. et al. Linked data quality of dbpedia, freebase, opencyc, wikidata, and yago //Semantic Web. – 2018. – Т. 9. – №. 1. – С. 77-129.

A. A. Chechulin, I. V. Kotenko, O. V. Polubelova, Design of the ontology based data model for the network attack modeling system., Trudy SPIIRAN., 2013., Т. 26., pp. 26-39.

Takahashi T., Kadobayashi Y. Reference ontology for cybersecurity operational information //The Computer Journal. – 2015. – Т. 58. – №. 10. – С. 2297-2312.

Takahashi T. et al. Web of cybersecurity: Linking, locating, and discovering structured cybersecurity information //International Journal of Communication Systems. – 2018. – Т. 31. – №. 3. – С. E3470.

Syed Z. et al. UCO: A Unified Cybersecurity Ontology //AAAI Workshop: Artificial Intelligence for Cyber Security. – 2016.

A. Joshi, R. Lal, T. Finin, and A. Joshi, “Extracting Cybersecurity Related Linked Data from Text” in IEEE Seventh International Conference on Semantic Computing, 2013, pp.

–259.

Narayanan S. N. et al. Early Detection of Cybersecurity Threats Using Collaborative Cognition //2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC). – IEEE, 2018. – С. 354-363.

Alqahtani S. S., Rilling J. An ontology-based approach to automate tagging of software artifacts //Proceedings of the 11th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement. – IEEE Press, 2017. – С. 169-174.

Lehmann J. et al. DBpedia–a large-scale, multilingual knowledge base extracted from Wikipedia. //Semantic Web. – 2015. – Т. 6. – №. 2. – С. 167-195.

Chabchoub M., Gagnon M., Zouaq A. FICLONE: improving DBpedia spotlight using named entity recognition and collective disambiguation //Open Journal of Semantic Web (OJSW). – 2018. – Т. 5. – №. 1. – С. 12-28.

Kliegr T. Linked hypernyms: Enriching DBpedia with Targeted Hypernym Discovery, Journal of Web Semantics, JWS, Elsevier, 2015.

Milosevic N. Marvin: Semantic annotation using multiple knowledge sources // arXiv preprint arXiv:1602.00515. – 2016.

Mendes P. N. et al. DBpedia spotlight: shedding light on the web of documents. //Proceedings of the 7th international conference on semantic systems. – ACM, 2011. – С. 1-8.

Daiber J. et al. Improving efficiency and accuracy in multilingual entity extraction. //Proceedings of the 9th International Conference on Semantic Systems. – ACM, 2013. – С. 121-124.

Brazhuk A. Semantic model of attacks and vulnerabilities based on CAPEC and CWE dictionaries. //International Journal of Open Information Technologies. – 2019. – Т. 7. – №. 3. – С. 38-41.