Towards an Automatic Approach to the Design of A Generic Ontology for Information Security

Ontology modeling plays an important role in broadening the scope of cognitive Artificial Intelligence and Data Science. In this paper, we propose an automatic approach to the design of a generic Information Security ontology. Starting from a comprehensive information security online dictionary, we automatically explore dictionary content to extract security related concepts and their hierarchical relationships. The process is fully automatic and leads to a concept-wide complete ontology. It encompasses web scrapping, concepts classification, pre-processing, archetypes identification, and ontology design. We use classification method and Natural Language Processing techniques to identify and regroup concepts. The obtained ontology is formed by several graph components. Each gives a security concern, which is a concept that is a root in a hierarchical relationship with other concepts. Isolated concepts are called trivial concerns. The ontology contains 2518 concepts and attributes regrouped into 1166 trivial and non-trivial concerns. It is captured in an XML format that can be automatically transformed into a graphML format. These two formats enable the total or partial usage, and the browsing of the ontology. Then, using graph theory terminology, we define the notions of archetypes and concept-attributes. The obtained ontology while it is concept complete, it needs further enrichment with other than hierarchical relationships that can be obtained from security corpuses and information security standards.