Automated Expert System Knowledge Base Development Method for Information Security Risk Analysis

Donatas Vitkus, Žilvinas Steckevičius, Nikolaj Goranin, Diana Kalibatienė, Antanas Čenys

Abstract


Information security risk analysis is required both by regulatory documents and by the information security management decision-making process. Some researchers propose using expert systems (ES) to automate the process, but this approach requires a high-quality knowledge base. A knowledge base can be formed either from expert knowledge or from information collected from other sources. The problem with this approach is that experts and good-quality knowledge sources are expensive. In this paper we address the problem by proposing an automated ES knowledge base development method. The proposed method is novel because, unlike other methods, it does not integrate the ontology directly but instead automatically transforms the elements of an existing information security ontology into ES rules: the Web Ontology Rule Language (OWL RL) subset of the ontology is segregated into Resource Description Framework (RDF) triplets, which are transformed into Rule Interchange Format (RIF) rules; the RIF rules are then converted into Java Expert System Shell (JESS) knowledge base rules. The experiments performed showed that the method is applicable in principle. The created knowledge base was later verified by performing a comparative risk analysis in a sample company.

Keywords


information security risk analysis, ontology, knowledge base, expert system, transformation, RIF, JESS






DOI: https://doi.org/10.15837/ijccc.2019.6.3668



Copyright (c) 2019 Donatas Vitkus, Žilvinas Steckevičius, Nikolaj Goranin, Diana Kalibatienė, Antanas Čenys

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.



INTERNATIONAL JOURNAL OF COMPUTERS COMMUNICATIONS & CONTROL (IJCCC), With Emphasis on the Integration of Three Technologies (C & C & C),  ISSN 1841-9836.
