Threat modeling is of increasing importance to IT security, and it is a complex and resource demanding task. The aim of automating threat modeling is to simplify model creation by using data that are already available. However, the collected data often lack context; this can make the automated models less precise in terms of domain knowledge than those created by an expert human modeler. The lack of domain knowledge in modeling automation can be addressed with ontologies. In this paper, we introduce an ontology framework to improve automatic threat modeling. The framework is developed with conceptual modeling and validated using three different datasets: a small scale utility lab, water utility control network, and university IT environment. The framework produced successful results such as standardizing input sources, removing duplicate name entries, and grouping application software more logically.

中文翻译：

---

使用本体框架自动化威胁建模

威胁建模对 IT 安全的重要性日益增加，并且是一项复杂且需要资源的任务。自动化威胁建模的目的是通过使用已经可用的数据来简化模型创建。然而，收集的数据往往缺乏背景；这会使自动化模型在领域知识方面不如由专业人类建模师创建的模型精确。建模自动化领域知识的缺乏可以通过本体来解决。在本文中，我们引入了一个本体框架来改进自动威胁建模。该框架是通过概念建模开发的，并使用三个不同的数据集进行验证：小型公用事业实验室、供水公司控制网络和大学 IT 环境。该框架产生了成功的结果，例如标准化输入源，