Semantic model of Information Security: Extracting Conceptual Network with Analysis Approach of Scientific Publications and Delphi

Considering the emergence and increasing expansion of various subject domains and the lack of a valid codified thesaurus, the main aim of this study is to provide a semantic model of information security based on a conceptual network for use in domain ontologies, so it is applied research.

The research method is a combination of co-word analysis, library, and Delphi methods. In the first stage, the conceptual network was extracted from 7547 scientific documents on "information security" using the co-words analysis method. These documents were indexed in the Scopus databases and WOS from 2013 to 2017. Pre-processing operations on 19648 keywords and tags were done in a completely targeted manner by using five dictionaries in information security, and three dictionaries in computer science. With a minimum co-occurrence of 5 for each word in "VOS Viewer", 207 preferred concepts were selected based on the latest version of the information security dictionary, and its conceptual network was mapped. By "Gephi", betweenness centrality, density, and clustering coefficient indices were checked. Then in the second stage, for extracting a new semantic model, used the library method. So, seven related semantic models: Security ontology, information security ontology, attack ontology, vulnerability ontology, existence - Ontosec mapping, and threat taxonomy as well as the conceptual model of information systems security in libraries. These entities, classes, subclasses, relationships between them, concepts, and examples attributed to each class and subclass were studied and examined carefully. Then, 207 conceptual network concepts were adapted to the common components of these models, and a new model was presented. Finally, in third stage, using the fuzzy Delphi technique, the consensus of experts in both fields of Knowledge and Information Science (KIS) and Computer Sciences was examined. Using SPSS and Kendall's non-parametric test, the experts' agreement coefficient about the classes and sub-classes, as well as their associated concepts, were investigated. 5 classes, 6 subclasses and also 71 concepts out of 97 common concepts with an agreement coefficient above 0.7 were obtained. Finally, confirmatory factor analysis and Smart PLS structural modeling were used to check the correctness of the relationships governing the classes and subclasses in the conceptual model.

The main nodes and strong links in the conceptual network of information security include: "information security," "security," "information system," "privacy," "telecommunication," "information," "intrusion detection system," "cryptography," "cyber security," "authentication," "network," "risk," "threat," and "risk management framework." The extracted semantic model has a goodness of fitting (GOF) of 0.710 and confirms 11 semantic relationships. These relationships include: "Requires level," "Diminish," "Threatens," "Exploited by," "has Source," "Uses of," "Lead to," "Attack," "Vulnerability on," "Implemented by," and "Reduce." Also, it has 5 main classes, including "Information Asset," "Security Attribution," "Threat," "Vulnerability," and "Countermeasure." There are also 6 subclasses, which include "Threat Source," "Access Path (influence way)," "Threat Tools," and "Attack," all related to the Threat class. Additionally, there are Technological countermeasures and Organizational countermeasures, which are related to the Countermeasure class. Also, it was discovered that there are 71 attributive concepts, some of which include: Password, Smart card, User, Integrity, Hacker, Malicious code, Virus, Distributed Denial Of Service (DDOS), Risk management, Backup, Digital signature, Penetration testing, Antivirus, Firewall, and so on.

The conceptual network and semantic model can be inferred in semantic systems and databases. This research can provide a new method for creating high-level ontologies to optimize search engines and reduce false dropping, as well as recover unwanted information.