Semantic web ecosystem based on CVE (NVD, CPE), CWE and CAPEC

Authors

DOI:

https://doi.org/10.60063/gsu.fmi.108.29-45

Keywords:

CAPEC, CPE, CVE, CWE, cybersecurity, NVD, semantic web

Abstract

CVE (NVD, CPE), CWE and CAPEC are databases in the Cybersecurity area sponsored and maintained by the US government. These are lists (databases) organized in taxonomies where it is appropriate. They contain information about known vulnerabilities, weaknesses and attacks. CVE (NVD, CPE), CWE and CAPEC are the corner stone in many cybersecurity tools.

The usage of traditional database systems for the tasks in the cybersecurity require extended knowledge and skills in querying for identification of vulnerabilities, weaknesses and attacks. CVE (NVD, CPE), CWE and CAPEC contain hidden facts and relationships (knowledge) buried in the data. This knowledge can be effectively accessed by the Semantic web tools.

The paper presents an approach for transition to the Semantic web of above-mentioned databases. The approach is presented in illustrative way. This means without duplication with information about the contents available for CVE (NVD, CPE), CWE and CAPEC.

Downloads

Published

2021-12-12

How to Cite

Dimitrov, V. (2021). Semantic web ecosystem based on CVE (NVD, CPE), CWE and CAPEC. Ann. Sofia Univ. Fac. Math. And Inf., 108, 29–45. https://doi.org/10.60063/gsu.fmi.108.29-45