基于跨领域本体的信息安全分析

doi:10.3969/j.issn.1671-1122.2020.09.017

信息网络安全 ›› 2020, Vol. 20 ›› Issue (9): 82-86.doi: 10.3969/j.issn.1671-1122.2020.09.017

基于跨领域本体的信息安全分析

刘红¹^,²(), 谢永恒¹, 王国威³, 蒋帅³

1. 北京锐安科技有限公司,北京 100192
2. 北京市网络空间数据分析与应用工程技术中心,北京 100192
3. 北京市公安局,北京 100055

收稿日期:2020-07-16 出版日期:2020-09-10 发布日期:2020-10-15
通讯作者: 刘红 E-mail:liuhong@bjrun.com
作者简介:刘红（1982—）,女,北京,博士,主要研究方向为信息安全|谢永恒（1972—）,男,湖北,硕士,主要研究方向为大数据|王国威（1977—）,女,北京,硕士,主要研究方向为信息安全|蒋帅（1989—）,男,河北,本科,主要研究方向为信息安全
基金资助:
国家重点研发计划(2019YFC0850201)

Ontology-based Cross-domain Security Analysis

LIU Hong¹^,²(), XIE Yongheng¹, WANG Guowei³, JIANG Shuai³

1. Run Technologies Co., Ltd. Beijing, Beijing 100192, China
2. Beijing Cyberspace Data Analysis and Applied Engineering Technology Research Center, Beijing 100192, China
3. Beijing Municipal Bureau of Public Security, Beijing 100055, China

Received:2020-07-16 Online:2020-09-10 Published:2020-10-15
Contact: LIU Hong E-mail:liuhong@bjrun.com

摘要/Abstract

摘要：

当前,硬件安全、信息物理系统安全、供应链安全等跨领域、跨学科的安全问题呈快速增长趋势,缺乏有效手段对其进行统一、系统性的描述,给涉及多学科安全问题的分析、评估和预测造成困难。文章提出通过构建跨领域本体的方法,实现对多领域、多学科信息安全问题进行统一的表示和分析,对相似攻击和防御手段进行融合,形成多学科安全知识库,从而有效发现、预警潜在的安全问题。

关键词: 网络空间安全, 安全本体, 硬件安全, 知识图谱

Abstract:

Today security threats that involve multiple disciplines or research areas, such as hardware security, cyber-physical security, and supply-chain security, are growing rapidly. However, there are no efficient methods to treat multidisciplinary security in a unified and systematical way making it difficult to analyze, evaluate, and predict these security problems. This paper proposes an approach that utilizes cross-domain ontologies to express and analyze security problems that involve several research areas. This method can helps in merging attacks and countermeasures, building multidisciplinary security knowledge base, and discovering new threats.

Key words: cyber-security, security ontology, hardware security, knowledge graph

中图分类号:

TP309

刘红, 谢永恒, 王国威, 蒋帅. 基于跨领域本体的信息安全分析[J]. 信息网络安全, 2020, 20(9): 82-86.

LIU Hong, XIE Yongheng, WANG Guowei, JIANG Shuai. Ontology-based Cross-domain Security Analysis[J]. Netinfo Security, 2020, 20(9): 82-86.

图/表 4

参考文献 12

[1]	FENZ S, EKELHART A. Formalizing Information Security Knowledge[C]// ACM. 4th International Symposium on Information, Computer, and Communications Security, March 10, 2009, Sydney, NSW, Australia. New York: ACM, 2009: 183-194.
[2]	SYED Z, PADIA A, FININ T, et al. A Unified Cybersecurity Ontology[C]// AAAI. 13th AAAI Conference on Artificial Intelligence, February 12, 2016, Phoenix, Arizona, USA. Palo Alto: AAAI, 2016: 80-87.
[3]	MAVROEIDIS V, BROMANDER S. Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence[C]// IEEE. European Intelligence and Security Informatics Conference(EISIC), September 11, 2017, Attica, Greece. New York: IEEE, 2017: 91-98.
[4]	MAI Chengcheng, ZHOU Jiakun, ZHU Han, et al. A Review on Security Ontology: Document Analysis from 2010 to 2016[J]. Journal of Information Security Research, 2017,3(2):151-159.
[5]	The CyBOK Project Team. The Cyber Security Body of Knowledge: Hardware Security Knowledge Tree version 1.0[EB/OL]. https://www.cybok.org/, 2020-6-11.
[6]	BORST P, AKKERMANS H. Engineering Ontologies[J]. International Journal of Human-Computer Studies, 1997,46(2-3):365-406. doi: 10.1006/ijhc.1996.0096 URL
[7]	HWAITAT A A, SHAHEEN A, ADHIM K, ARKEBAT E N, et al. Computer Hardware Components Ontology[J]. Modern Applied Science, 2018,12(3):35-40.
[8]	HACHEM S, TEIXEIRA T, ISSARNY V. Ontologies for the Internet of Things[C]// Springer. 12th International Middleware Conference, December 12, 2011, Lisbon, Portugal. Heidelberg: Springer, 2011: 1-6.
[9]	BOUTEKKOUK F. Towards an Ontology-driven Intellectual Properties Reuse for Systems on Chip Design[C]// INASE. International Conference on Systems, Control, Signal Processing and Informatics, July 16, 2013, Rhodes Island, Greece. London: INASE, 2013: 394-399.
[10]	NOY N F, MUSEN M A. Algorithm and Tool for Automated Ontology Merging and Alignment[C]// AAAI. 17th National Conference on Artificial Intelligence(AAAI-00), July 30, 2000, Austin, Texas, USA. Palo Alto: AAAI, 2000: 450-455.
[11]	MARQUARDT P, VERMA A, CARTER H, et al. (sp)iPhone: Decoding Vibrations from Nearby Keyboards using Mobile Phone Accelerometers[C]// ACM. 18th ACM Conference on Computer and Communications Security, October 17, 2011, Chicago, Illnois, USA. New York: ACM, 2011: 551-562.
[12]	SHUMAILOV I, SIMON L, YAN J, et al. Hearing Your Touch: A New Acoustic Side Channel on Smartphones[EB/OL]. https://arxiv.org/pdf/1903.11137, 2020-6-11.

基于跨领域本体的信息安全分析

Ontology-based Cross-domain Security Analysis

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 12

相关文章 9

编辑推荐

Metrics

本文评价

[1]	陶源, 黄涛, 李末岩, 胡巍. 基于知识图谱驱动的网络安全等级保护日志审计分析模型研究[J]. 信息网络安全, 2020, 20(1): 46-51.
[2]	高孟茹, 谢方军, 董红琴, 林祥. 面向关键信息基础设施的网络安全评价体系研究[J]. 信息网络安全, 2019, 19(9): 111-114.
[3]	刘延华, 高晓玲, 朱敏琛, 苏培煌. 基于数据特征学习的网络安全数据分类方法研究[J]. 信息网络安全, 2019, 19(10): 50-56.
[4]	梁中, 周嘉坤, 朱汉, 陈波. 基于安全本体的信息安全知识聚合技术研究[J]. 信息网络安全, 2017, 17(4): 78-85.
[5]	王绍节, 龙春, 万巍, 赵静. 基于网络空间安全实时数据的HDFS小文件问题研究[J]. 信息网络安全, 2017, 17(10): 81-85.
[6]	赵艳玲. 美国改变网络空间安全游戏规则的新理念与新技术[J]. 信息网络安全, 2015, 15(9): 50-53.
[7]	陈华山, 皮兰, 刘峰, 林东岱. 网络空间安全科学基础的研究前沿及发展趋势[J]. 信息网络安全, 2015, 15(3): 1-5.
[8]	李战宝，张文贵. 网络抗压能力是网络空间安全发展的新理念[J]. 信息网络安全, 2014, 14(9): 76-79.
[9]	蔡翠红. 美国国家信息安全战略的演变与评价[J]. , 2010, (1): 0-0.