A Hybrid Approach to Developing a Cyber Security Ontology

James Geller, Soon Ae Chun, Arwa Wali


The process of developing an ontology cannot be fully automated at the current state-of-the-art. However, leaving the tedious, time-consuming and error-prone task of ontology development entirely to humans has problems of its own, including limited staff budgets and semantic disagreements between experts. Thus, a hybrid computer/expert approach is advocated. The research challenge is how to minimize and optimally organize the task of the expert(s) while maximally leveraging the power of the computer and of existing computer-readable documents. The purpose of this paper is two-fold. First we present such a hybrid approach by describing a knowledge acquisition tool that we have developed. This tool makes use of an existing Bootstrap Ontology and proposes likely locations of concepts and semantic relationships, based on a text book, to a domain expert who can decide on them. The tool is attempting to minimize the number of interactions. Secondly we are proposing the notion of an augmented ontology specifically for pedagogical use. The application domain of this work is cyber-security education, but the ontology development methods are applicable to any educational topic.


  1. An, Y. J., Geller, J., Wu, Y., & Chun, S. A. (2007). Automatic Generation of Ontology from the Deep Web. Proceedings Database and Expert Systems Applications. DEXA 7807, Regensburg, Germany.
  2. Bajec, M., Eder, J., Souag, A., Salinesi, C., & ComynWattiau, I. (2012). Ontologies for Security Requirements: A Literature Survey and Classification. Proceedings Advanced Information Systems Engineering Workshops.
  3. Blanco, C., Lasheras, J., Valencia-Garcia, R., FernandezMedina, E., Toval, A., & Piattini, M. (2008). A Systematic Review and Comparison of Security Ontologies. Proceedings Third International Conference on Availability, Reliability and Security.
  4. Caracciolo, C. (2006). Designing and Implementing an Ontology for Logic and Linguistics. Literary & Linguistic Computing, 21, 29-39.
  5. Chun, S. A., Geller, J., & Wali, A. (2014). Developing Cyber Security Ontology and Linked Data of Security Knowledge Network. Proceedings Conference of the Florida Artificial Intelligence Research Society (Flairs-27), Pensacola, FL.
  6. Cimiano, P., Hotho, A., & Staab, S. (2005). Learning concept hierarchies from text corpora using formal concept analysis. J. Artif. Int. Res., 24, 305-339.
  7. Cleveland, D. B., & Cleveland, A. D. (2013). Introduction to indexing and abstracting (Fourth edition. ed.).
  8. Cornet, R., & de Keizer, N. (2008). Forty years of SNOMED: a literature review. BMC Med Inform Decis Mak, 8 Suppl 1, S2. doi: 1472-6947-8-S1-S2 [pii] 10.1186/1472-6947-8-S1-S2
  9. Fellbaum, C. (1998). WordNet : an electronic lexical database. Cambridge, Mass: MIT Press.
  10. Fenz, S., & Ekelhart, A. (2009). Formalizing information security knowledge. Proceedings 4th International Symposium on Information, Computer, and Communications Security, Sydney, Australia.
  11. Geller, J., Chun, S. A., & An, Y. J. (2008). Toward the Semantic Deep Web. IEEE Computer, 95-97.
  12. Geneiatakis, D., & Lambrinoudakis, C. (2007). An ontology description for SIP security flaws. Comput. Commun., 30, 1367-1374.
  13. Glossary of Key Information Security Terms. (2012) NIST Interagency Report (pp. 222): NIST, US Department of Commerce.
  14. Goodrich, M. t., & Tamassia, R. (2010). Introduction to Computer Security: Addison-Wesley.
  15. Hearst, M. A. (1992). Automatic acquisition of hyponyms from large text corpora. Proceedings 14th conference on Computational linguistics, Nantes, France.
  16. Herzog, A., Shahmeri, N., & Duma, C. (2007). An Ontology of Information Security. International Journal of Information Security and Privacy, 1(4), 1- 23.
  17. Hindle, D. (1990). Noun classification from predicateargument structures. Proceedings 28th annual meeting of the Association for Computational Linguistics, Pittsburgh, Pennsylvania.
  18. Humphreys, B. L., & Lindberg, D. A. B. (1993). The UMLS project: making the conceptual connection between users and the information they need. Bulletin of the Medical Library Association, 81(2), 170.
  19. Jain, P., Hitzler, P., Sheth, A. P., Verma, K., & Yeh, P. Z. (2010). Ontology alignment for linked open data. Proceedings 9th International Semantic Web Conference, Shanghai, China.
  20. Meersman, R., Tari, Z., Kim, A., Luo, J., & Kang, M. (2005). Security Ontology for Annotating Resources. Proceedings On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE.
  21. Musen, M. (2014) Personal Communication.
  22. Noy, N. F., & McGuinness, D. L. Ontology Development 101: A Guide to Creating Your First Ontology. From http://protege.stanford.edu/publications/ontology_deve lopment/ontology101-noy-mcguinness.html
  23. Pattanasri, N., Jatowt, A., & Tanaka, K. (2007). Contextaware search inside e-learning materials using textbook ontologies. Proceedings Joint 9th AsiaPacific Web and 8th International Conference on webage information management conference on advances in data and web management, Huang Shan, China.
  24. Schulz, S., Cornet, R., & Spackman, K. (2011). Consolidating SNOMED CT's ontological commitment. Applied Ontology, 6(1), 1-11.
  25. Vigna, G., Kruegel, C., Jonsson, E., Undercoffer, J., Joshi, A., & J., P. (2003). Modeling Computer Attacks: An Ontology for Intrusion Detection Recent Advances in Intrusion Detection (Vol. 2820, pp. 113-135). Berlin: Springer Verlag.
  26. Wali, A., Chun, S. A., & Geller, J. (2013). A Bootstrapping Approach for Developing Cyber Security Ontology Using Textbook Index Terms. Proceedings International Conference on Availability, Reliability and Security (ARES 2013), University of Regensburg, Germany.
  27. Wiebke, P. (2004). A Set-Theoretical Approach for the Induction of Inheritance Hierarchies. Electron Notes Theor Comput Sci, 53, 1-13.
  28. Wu, Z., Li, Z., Mitra, P., & Giles, C. L. (2013). Can Backof-the-Book Indexes be Automatically Created? Proceedings CIKM, pp. 1745-1750, San Francisco, CA.

Paper Citation

in Harvard Style

Geller J., Ae Chun S. and Wali A. (2014). A Hybrid Approach to Developing a Cyber Security Ontology . In Proceedings of 3rd International Conference on Data Management Technologies and Applications - Volume 1: DATA, ISBN 978-989-758-035-2, pages 377-384. DOI: 10.5220/0005111503770384

in Bibtex Style

author={James Geller and Soon Ae Chun and Arwa Wali},
title={A Hybrid Approach to Developing a Cyber Security Ontology},
booktitle={Proceedings of 3rd International Conference on Data Management Technologies and Applications - Volume 1: DATA,},

in EndNote Style

JO - Proceedings of 3rd International Conference on Data Management Technologies and Applications - Volume 1: DATA,
TI - A Hybrid Approach to Developing a Cyber Security Ontology
SN - 978-989-758-035-2
AU - Geller J.
AU - Ae Chun S.
AU - Wali A.
PY - 2014
SP - 377
EP - 384
DO - 10.5220/0005111503770384