Security and Ontology
Members of the Enterprise Threat and Vulnerability Analysis (ETVA)
team are aware of the need for controlled vocabularies, taxonomies,
and ontologies to make progress toward a science of cybersecurity. The
ETVA team is addressing this gap. Its first step is the Malware
Analysis Lexicon (MAL) initiative, a small project to develop the
discipline's first common vocabulary.
On this page, we describe our recent MAL publications and link to
related resources. We also invite your feedback. Do you have comments
or new terms to contribute to our lexicon? Do you want more
information about our methods and future plans? Contact us—we
are eager to talk to you and hear your opinions.
Technical Report—The MAL: A Malware Analysis Lexicon
ETVA formed the MAL initiative—a small project to develop the
malware discipline's first common vocabulary. In February, MAL
team members published a technical report that provides background
about the need for an ontology in malware analysis, describes the
approach taken to form a malware ontology, and presents the first
version of the malware lexicon.
The MAL: A Malware Analysis Lexicon
- Share Your Feedback
Podcast—Using a Malware
Ontology to Make Progress Toward a Science of Cybersecurity
In May, we released a podcast titled "Using a Malware
Ontology to Make Progress Toward a Science of Cybersecurity,"
where David Mundie, a member of the ETVA team, discusses why
ontologies are critical, describes an ontology for malware analysis
and competency frameworks, and provides more information about
security ontologies that are currently being developed.
- Listen to the Podcast
- Contribute to the Conversation
Blog Post—How Ontologies Can Help Build a Science of Cybersecurity
In March, we released a blog post titled "How Ontologies Can Help
Build a Science of Cybersecurity." In this post, Dave Mundie describes
ontologies, provides background about their importance, and discusses
the ETVA team's approach to generating a controlled vocabulary for
- Read the Blog Post
- Send Us Your Comments
Resources at a Glance
a free open-source Java tool providing an extensible architecture for the creation of customized knowledge-based applications
the W3C-produced web ontology language that uses both URIs for naming
and the description framework for the Web
ENISA's Ontology for Resilience
a set of ontologies and taxonomies for critical infrastructures
The Second International Workshop on Security Ontologies and Taxonomies
an annual workshop on ontologies and security
a collaborative work environment for ontological engineering and sponsor of the Ontology Summit. CMU's Steven Ray is an active member of Ontolog.
Data Breach Legislation Ontology
a description of work by CMU's Travis Breaux, who has captured the data breach notification legislation for many states using a formal ontology language
Join the Discussion
We welcome your feedback about the lexicon and our related
efforts. Send us your comments or suggestions, and feel free to
contribute new terms to the lexicon. Share
your ideas with us.