With the growing number of cyberthreats and increasing demands for high-quality information security, there is a pressing need to systematize fragmented knowledge about vulnerabilities and threats. This paper proposes an ontological approach for the formalization and integration of data from the Vulnerability and Threat Database maintained by the Federal Service for Technical and Export Control of Russia, as well as from regulatory and methodological documents governing information security practices. The developed ontology encompasses not only structured knowledge of vulnerabilities and threats, but also explicitly models both direct and indirect relationships among entities, enabling meaningful inferences for cybersecurity professionals. Unlike existing solutions that rely primarily on foreign sources and technical databases, the developed ontology incorporates Russian regulatory documents and enables the establishment of semantic links between threats, vulnerabilities, protection measures, and affected assets. The article describes the ontology’s structure, the sources utilized, and the mechanisms employed to establish semantic links between its components. Practical examples are provided to illustrate the application of the ontology for risk assessment and the automation of various information security processes. The study highlights the potential of the proposed approach to enhance the efficiency and speed of decision-making in the field of cybersecurity.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Formalizing Knowledge on Vulnerabilities and Threats: An Ontological Approach Based on the FSTEC VDB

  • Maxim Gorda,
  • Dmitry Levshun

摘要

With the growing number of cyberthreats and increasing demands for high-quality information security, there is a pressing need to systematize fragmented knowledge about vulnerabilities and threats. This paper proposes an ontological approach for the formalization and integration of data from the Vulnerability and Threat Database maintained by the Federal Service for Technical and Export Control of Russia, as well as from regulatory and methodological documents governing information security practices. The developed ontology encompasses not only structured knowledge of vulnerabilities and threats, but also explicitly models both direct and indirect relationships among entities, enabling meaningful inferences for cybersecurity professionals. Unlike existing solutions that rely primarily on foreign sources and technical databases, the developed ontology incorporates Russian regulatory documents and enables the establishment of semantic links between threats, vulnerabilities, protection measures, and affected assets. The article describes the ontology’s structure, the sources utilized, and the mechanisms employed to establish semantic links between its components. Practical examples are provided to illustrate the application of the ontology for risk assessment and the automation of various information security processes. The study highlights the potential of the proposed approach to enhance the efficiency and speed of decision-making in the field of cybersecurity.