信息安全本体研究综述:基于2010—2016年文献分析
|
摘要
结构化的信息安全本体在形式化描述、语义网络建模、行为模式识别与匹配等方面的优势,使得其作为信息安全领域的一种新方法而逐渐受到学者们的关注.为了厘清信息安全本体的研究现状和发展趋势,以2010—2016年公开发表在国内外重要期刊和会议上的158篇有关信息安全本体文献作为研究对象,通过统计分析法,从出版时间、期刊和会议分布、研究方向和研究层次等维度对信息安全本体研究的热点、深入程度以及研究空白之处进行了分析.结果表明,近几年来安全本体的研究关注度呈上升趋势;研究涉及学科范围较广,以计算机、情报类居多;传统网络空间安全领域上关于安全本体的研究如火如荼,新兴领域上的研究尚存在空白之处,实际生产领域的应用研究有待进一步探索.信息安全研究Journal of Information Security Besearch第3卷第2期2017年2月Vol.3 No.2 Feb.2017
The advantages of structured information security ontology,like formal description,semantic network modeling,behavior pattern recognition and matching,made it as a new research method of information security and gained a lot of attention from researchers.To clarify its research status and development trend,we made a bibliometric analysis of 158 articles about information security ontology published in journals and conferences between 2010 and 2016 both in domestic and abroad from the perspectives of publication year,distribution of journals and conferences,research directions,and research levels.Research hotspots,depth,and blanks of information security ontology are analyzed.The results show that the research on security ontology has a rising trend recently,security ontology involves many disciplines,especially computer and information science,and the traditional fields of information security ontology developed rapidly.Meanwhile,there are still some research gaps in the emerging research areas,particularly in the field of application and practice.
The advantages of structured information security ontology,like formal description,semantic network modeling,behavior pattern recognition and matching,made it as a new research method of information security and gained a lot of attention from researchers.To clarify its research status and development trend,we made a bibliometric analysis of 158 articles about information security ontology published in journals and conferences between 2010 and 2016 both in domestic and abroad from the perspectives of publication year,distribution of journals and conferences,research directions,and research levels.Research hotspots,depth,and blanks of information security ontology are analyzed.The results show that the research on security ontology has a rising trend recently,security ontology involves many disciplines,especially computer and information science,and the traditional fields of information security ontology developed rapidly.Meanwhile,there are still some research gaps in the emerging research areas,particularly in the field of application and practice.
引文
[1]张新兴,谈大军.2000—2006年我国基于本体的信息检索研究论文定量分析[J].情报科学.2008,26(7):1016-1021
[2]吴志祥,王昊,姜霖.2007—2011年我国图书情报领域本体研究论文计量分析[J].情报科学.2015,31(10):66-71,84
[3]Donner M.Toward a security ontology[J].IEEE Security and Privacy,2003,1(3):6-7
[4]高建波,张保稳,陈晓桦,等.安全本体研究进展[J].计算机科学,2012,39(8):14-19.41
[5]Noy N F,Mcguinness D L,Ontology development 101:A guide to creating your first ontology[R].Palo Alto,CA:Stanford University,2001
[6]Blanco C,Lasheras J,Fernandez E,et al.Basis for an integrated security ontology according to a systematic review of existing proposals[J].Computer Standards&Interfaces,2011,33(4):372-388
[7]Singh V,Pandey S K.A comparative study of cloud security ontologies[C]//Proc of the 3rd Int Conf on Reliability,Infocom Technologies and Optimization.Piscataway,NJ:IEEE,2014:1-6
[8]Vishik C,Balduccini M.Making sense of future cybersecurity technologies:Using ontologies for multidisciplinary domain analysis[C]//Proc of Int Symp on Systems Engineering Conf.Berlin:Springer,2015:135-145
[9]Siciliam A,Garcia B E,Bermejo H J,et al.What are information security ontologies useful for[C]//Proc of the Research Conf on Metadata and Semantics Research.Berlin:Springer,2015:51-61
[10]赵佳宝,谈晓洁,焦小澄,等.基于本体的工业综合预报警系统设计与实现[J].系统工程与电子技术,2010,32(10):2145-2150
[11]Wang P,Chao K M,Lo C C,et al.Using ontologies to perform threat analysis and develop defensive strategies for mobile security[J].Information Technology and Management,2010,11(1):1-25
[12]席睿,彭长根.空间约束的基于属性和角色的访问控制研究[J].贵州大学学报:自然科学版,2010,27(6):81-85
[13]顾铁军,李毅,顾健,等.网络脆弱性扫描产品标准本体构建及测评工具研究[C]//第28次全国计算机安全学术交流会论文集.合肥:中国科学技术大学出版社.2013:141-143
[14]Razzaq A,Anwar Z,Ahmad H F,et aL Ontology for attack detection:An intelligent approach to web application security[J].Computers&Security,2014,45(3):124-146
[15]Khairkar A D,Kshirsagar D D,Kumar S.Ontology for detection of web attacks[C]//Proc of the Int Conf on Communication Systems and Network Technologies.Piscataway,NJ:IEEE,2013:612-615
[16]郝世博,朱学芳.云图书馆可信服务监督模型及关键技术研究[J].图书情报工作,2014,58(13):113-117,106
[17]Sankat M,Thakur R S,Jaloree S.A framework for building ontology in education domain for knowledge representation[J].International Journal of Computer Science and Information Security,2016,14(3):399-403
[18]刘一阳,张保稳.一种基于信息流的社交网络安全本体模型[J].信息安全与通信保密,2012.12(1):64-66
[19]Takahashi T,Fujiwara H,Kadobayashi Y.Building ontology of cybersecurity operational information[C]//Proc of the 6 th Annual Workshop on Cyber Security and Information Intelligence Research Conf.New York:ACM,2010:87-91
[20]Liccardo L,Rak M,Modica G,et al.Ontology-based negotiation of security requirements in cloud[C]//Proc of the 4th Int Conf on Computational Aspects of Social Networks.Piscataway,NJ:IEEE,2012:192-197
[21]Mangold L V.Using ontologies for adaptive information security training[C]//Proc of the 7 th Int Conf on Availability,Reliability and Security.Piscataway,NJ:IEEE,2012:522-524
[22]Chun S A,Geller J.Developing a pedagogical cybersecurity ontology[C]//Proc of Int Conf on Data Management Technologies and Applications.Berlin;Springer,2014:117-135
[23]Maines C L.Lewellyn J D.Tang S.et al.A cyber security ontology for BPMN-Security extensions[C]//Proc of Int Conf on Computer and Information Technology;Ubiquitous Computing and Communications;Dependable,Autonomic and Secure Computing;Pervasive Intelligence and Computing.Piscataway,NJ:IEEE,2015:1756-1763
[24]Blackwell C.A security ontology for incident Analysis[C]//Proc of the 6th Annual Workshop on Cyber Security and Information Intelligence Research.New York:ACM,2010:46-49
[25]Brahmi I,Brahmi H,Yahia S B.A multi-agents intrusion detection system using ontology and clustering techniques[C]//Proc of Int Conf on Computer Science and Its Applications.Berlin:Springer,2015:381-393
[26]Choi C,Choi J,Kim P.Ontology-based access control model for security policy reasoning in cloud computing[J].The Journal of Supercomputing,2014,67(3):711-722
[27]Si C,Zhang H,Wang Y,et al.Network security situation elements fusion method based on ontology[C]//Proc of the7th Int Symp on Computational Intelligence and Design.Piscataway,NJ:IEEE,2014:272-275
[28]Solic K,Ocevcic H,Golub M.The information systems'security level assessment model based on an ontology and evidential reasoning approach[J].Computers&Security,2015,55:100-112
[29]Fenz S.An ontology and bayesian-based approach for determining threat probabilities[C]//Proc of the 6th ACM Symp on Information,Computer and Communications Security.New York:ACM,2011:344-354
[2]吴志祥,王昊,姜霖.2007—2011年我国图书情报领域本体研究论文计量分析[J].情报科学.2015,31(10):66-71,84
[3]Donner M.Toward a security ontology[J].IEEE Security and Privacy,2003,1(3):6-7
[4]高建波,张保稳,陈晓桦,等.安全本体研究进展[J].计算机科学,2012,39(8):14-19.41
[5]Noy N F,Mcguinness D L,Ontology development 101:A guide to creating your first ontology[R].Palo Alto,CA:Stanford University,2001
[6]Blanco C,Lasheras J,Fernandez E,et al.Basis for an integrated security ontology according to a systematic review of existing proposals[J].Computer Standards&Interfaces,2011,33(4):372-388
[7]Singh V,Pandey S K.A comparative study of cloud security ontologies[C]//Proc of the 3rd Int Conf on Reliability,Infocom Technologies and Optimization.Piscataway,NJ:IEEE,2014:1-6
[8]Vishik C,Balduccini M.Making sense of future cybersecurity technologies:Using ontologies for multidisciplinary domain analysis[C]//Proc of Int Symp on Systems Engineering Conf.Berlin:Springer,2015:135-145
[9]Siciliam A,Garcia B E,Bermejo H J,et al.What are information security ontologies useful for[C]//Proc of the Research Conf on Metadata and Semantics Research.Berlin:Springer,2015:51-61
[10]赵佳宝,谈晓洁,焦小澄,等.基于本体的工业综合预报警系统设计与实现[J].系统工程与电子技术,2010,32(10):2145-2150
[11]Wang P,Chao K M,Lo C C,et al.Using ontologies to perform threat analysis and develop defensive strategies for mobile security[J].Information Technology and Management,2010,11(1):1-25
[12]席睿,彭长根.空间约束的基于属性和角色的访问控制研究[J].贵州大学学报:自然科学版,2010,27(6):81-85
[13]顾铁军,李毅,顾健,等.网络脆弱性扫描产品标准本体构建及测评工具研究[C]//第28次全国计算机安全学术交流会论文集.合肥:中国科学技术大学出版社.2013:141-143
[14]Razzaq A,Anwar Z,Ahmad H F,et aL Ontology for attack detection:An intelligent approach to web application security[J].Computers&Security,2014,45(3):124-146
[15]Khairkar A D,Kshirsagar D D,Kumar S.Ontology for detection of web attacks[C]//Proc of the Int Conf on Communication Systems and Network Technologies.Piscataway,NJ:IEEE,2013:612-615
[16]郝世博,朱学芳.云图书馆可信服务监督模型及关键技术研究[J].图书情报工作,2014,58(13):113-117,106
[17]Sankat M,Thakur R S,Jaloree S.A framework for building ontology in education domain for knowledge representation[J].International Journal of Computer Science and Information Security,2016,14(3):399-403
[18]刘一阳,张保稳.一种基于信息流的社交网络安全本体模型[J].信息安全与通信保密,2012.12(1):64-66
[19]Takahashi T,Fujiwara H,Kadobayashi Y.Building ontology of cybersecurity operational information[C]//Proc of the 6 th Annual Workshop on Cyber Security and Information Intelligence Research Conf.New York:ACM,2010:87-91
[20]Liccardo L,Rak M,Modica G,et al.Ontology-based negotiation of security requirements in cloud[C]//Proc of the 4th Int Conf on Computational Aspects of Social Networks.Piscataway,NJ:IEEE,2012:192-197
[21]Mangold L V.Using ontologies for adaptive information security training[C]//Proc of the 7 th Int Conf on Availability,Reliability and Security.Piscataway,NJ:IEEE,2012:522-524
[22]Chun S A,Geller J.Developing a pedagogical cybersecurity ontology[C]//Proc of Int Conf on Data Management Technologies and Applications.Berlin;Springer,2014:117-135
[23]Maines C L.Lewellyn J D.Tang S.et al.A cyber security ontology for BPMN-Security extensions[C]//Proc of Int Conf on Computer and Information Technology;Ubiquitous Computing and Communications;Dependable,Autonomic and Secure Computing;Pervasive Intelligence and Computing.Piscataway,NJ:IEEE,2015:1756-1763
[24]Blackwell C.A security ontology for incident Analysis[C]//Proc of the 6th Annual Workshop on Cyber Security and Information Intelligence Research.New York:ACM,2010:46-49
[25]Brahmi I,Brahmi H,Yahia S B.A multi-agents intrusion detection system using ontology and clustering techniques[C]//Proc of Int Conf on Computer Science and Its Applications.Berlin:Springer,2015:381-393
[26]Choi C,Choi J,Kim P.Ontology-based access control model for security policy reasoning in cloud computing[J].The Journal of Supercomputing,2014,67(3):711-722
[27]Si C,Zhang H,Wang Y,et al.Network security situation elements fusion method based on ontology[C]//Proc of the7th Int Symp on Computational Intelligence and Design.Piscataway,NJ:IEEE,2014:272-275
[28]Solic K,Ocevcic H,Golub M.The information systems'security level assessment model based on an ontology and evidential reasoning approach[J].Computers&Security,2015,55:100-112
[29]Fenz S.An ontology and bayesian-based approach for determining threat probabilities[C]//Proc of the 6th ACM Symp on Information,Computer and Communications Security.New York:ACM,2011:344-354