Automated Expert System Knowledge Base Development Method for Information Security Risk Analysis

Authors

  • Donatas Vitkus, Vilnius Gediminas Technical University
  • Žilvinas Steckevičius, Vilnius Gediminas Technical University
  • Nikolaj Goranin, Vilnius Gediminas Technical University
  • Diana Kalibatienė, Vilnius Gediminas Technical University
  • Antanas Čenys, Vilnius Gediminas Technical University

Keywords:

information security risk analysis, ontology, knowledge base, expert system, transformation, RIF, JESS

Abstract

Information security risk analysis is a compulsory requirement, both under regulatory documents and for the information security management decision-making process. Some researchers propose using expert systems (ES) to automate the process, but this approach requires the creation of a high-quality knowledge base. A knowledge base can be formed either from expert knowledge or from information collected from other sources. The problem with this approach is that experts or good-quality knowledge sources are expensive. In this paper we propose a solution to this problem: an automated ES knowledge base development method. The proposed method is novel because, unlike other methods, it does not integrate the ontology directly but uses automated transformation of existing information security ontology elements into ES rules: the Web Ontology Rule Language (OWL RL) subset of the ontology is segregated into Resource Description Framework (RDF) triplets, which are transformed into Rule Interchange Format (RIF); the RIF rules are then converted into Java Expert System Shell (JESS) knowledge base rules. The experiments performed have shown that the method is applicable in principle. The created knowledge base was later verified by performing a comparative risk analysis in a sample company.

Published

2020-02-02
