Linked Data for Software Security Concepts and Vulnerability Descriptions.

摘要

The Web is typically our first source of information about new software vulnerabilities, exploits and cyber-attacks. Information is found in semi-structured vulnerability databases as well as in text from security bulletins, news reports, cybersecurity blogs and Internet chat rooms. It can be useful to cybersecurity systems if there is a way to recognize and extract relevant information and represent it as easily shared and integrated semantic data. We describe such an automatic framework that generates and publishes a RDF linked data representation of cybersecurity concepts and vulnerability descriptions extracted from the National Vulnerability Database and other text sources. Entities, relations and concepts are represented using custom ontologies for the cybersecurity domain and also mapped to objects in the DBpedia knowledge base, producing a rich resource of machine-understandable linked data. The resulting cybersecurity linked data collection can be used for many purposes, including automating early vulnerability identification, mitigation and prevention efforts.