Information & Management ( IF 8.2 ) Pub Date : 2020-06-11 , DOI: 10.1016/j.im.2020.103334 Romilla Syed
Effective vulnerability management requires the integration of vulnerability information available on multiple sources, including social media. The information could be used to inform common users about impending vulnerabilities and countermeasures. First, we present the Cybersecurity Vulnerability Ontology (CVO), a conceptual model for formal knowledge representation of the vulnerability management domain. Second, we utilize the CVO to design a Cyber Intelligence Alert (CIA) system that issues cyber alerts about vulnerabilities and countermeasures. We rigorously evaluated the CVO as well as the accuracy, performance, and usefulness of the CIA system. Key contributions of this study to research and practice are discussed.
中文翻译:
网络安全漏洞管理:概念本体和网络智能警报系统
有效的漏洞管理要求集成可在多个来源(包括社交媒体)上获得的漏洞信息。该信息可用于通知普通用户即将出现的漏洞和对策。首先,我们介绍网络安全漏洞本体(CVO),这是用于漏洞管理域的正式知识表示的概念模型。其次,我们利用CVO设计了一个网络智能警报(CIA)系统,该系统发布有关漏洞和对策的网络警报。我们严格评估了CIA系统的CVO以及准确性,性能和实用性。讨论了这项研究对研究和实践的关键贡献。