Re: Linked Open Data for CVEs (Common Vulnerabilities and Exposures) ? from Tim Finin on 2013-07-12 (public-lod@w3.org from July 2013)

From: Tim Finin <finin@cs.umbc.edu>
Date: Fri, 12 Jul 2013 12:31:14 -0400
To: public-lod@w3.org
Message-ID: <51E02F52.6010906@cs.umbc.edu>
On 7/12/13 11:46 AM, Olivier Berger wrote:
> Has anyone met a good reference for Linked Open Data about security
> vulnerabilities like CVEs [0], NVDs and likes?

Our lab has been working on a system that extracts security-related
information from text and from the NVD databases and represents it in
RDF as linked data.  We have a recent paper whose final version will be
available in another week.  We will put a preprint on our Web site then.

   Arnav Joshi, Ravendar Lal, Tim Finin and Anupam, Extracting
   cybersecurity related linked data from text, Seventh IEEE
   Int. Conf. on Semantic Computing, September 2013.

   Abstract: The Web is often the first source of information to
   track software vulnerabilities, exploits and cyberattacks. An
   important source is information found in text from security
   bulletins, vulnerability databases, news reports, cybersecurity
   blogs and Internet chat rooms. However these texts are
   extensive and mostly unstructured. We describe an end-to-end
   framework, that extracts concepts related to security
   information from unstructured text, maps them to an OWL
   ontology that models relations between security concepts and
   vulnerabilities, and generates an RDF linked data resource
   using best practices from the linked open data. The information
   extraction component filters relevant information from text,
   using the vocabulary. The extracted terms are then mapped to
   related concepts from DBpedia and a custom ontology for
   cybersecurity related concepts.

This builds on earlier work described in these papers:

   M. Lisa Mathews, Paul Halvorsen, Anupam Joshi and Tim Finin, A
   Collaborative Approach to Situational Awareness for
   CyberSecurity, 8th IEEE Int. Conf. on Collaborative Computing:
   Networking, Applications and Worksharing, Pittsburgh PA, 14-17
   Oct 2012. http://ebiq.org/p/604

   Sumit More, Mary Mathews, Anupam Joshi and Tim Finin, A
   Knowledge-Based Approach To Intrusion Detection Modeling, Proc
   IEEE Workshop on Semantic Computing and Security, pp. 75-81,
   IEEE Computer Society, May 2012.  http://ebiq.org/p/586

   Varish Mulwad, Wenjia Li, Anupam Joshi, Tim Finin, and
   Krishnamurthy Viswanathan, Extracting Information about
   Security Vulnerabilities from Web Text, Proc. Web Intelligence
   for Information Security Workshop, August 2011, Lyon, France,
   IEEE Computer Society Press.  http://ebiq.org/p/540

You might also look at a technical report from UTD:

   Khadilkar, V., J. Rachapalli, and B. Thuraisingham. "Semantic
   web implementation scheme for national vulnerability database."
   Univ. of Texas at Dallas, Tech. Rep. UTDCS-01-10 (2010).
   http://utdallas.edu/~vvk072000/Research/NIST-NVD/TechReport.pdf



-- 
Tim Finin, Computer Science & Electrical Eng., U. of Maryland, Baltimore
County, 1000 Hilltop Circle, Baltimore MD 21250. http://umbc.edu/~finin/
finin@umbc.edu skype:timFinin o:4104553522 fax:4104553969 mob:4104993522
Received on Friday, 12 July 2013 16:31:39 UTC