Rethinking Cybersecurity Ontology Classification and Evaluation: Towards a Credibility-Centered Framework

TL;DR

This paper highlights the importance of credibility in cybersecurity ontology adoption, proposing a new framework with indicators like institutional support and validation to improve ontology selection and trust.

Contribution

It introduces a credibility-centered framework for evaluating cybersecurity ontologies, incorporating new indicators and applying it to a real-world use case.

Findings

Credibility factors influence ontology adoption.

The new framework improves ontology selection relevance.

Application to ANCILE project demonstrates practical benefits.

Abstract

This paper analyzes the proliferation of cybersecurity ontologies, arguing that this surge cannot be explained solely by technical shortcomings related to quality, but also by a credibility deficit - a lack of trust, endorsement, and adoption by users. This conclusion is based on our first contribution, which is a state-of-the-art review and categorization of cybersecurity ontologies using the Framework for Ontologies Classification framework. To address this gap, we propose a revised framework for assessing credibility, introducing indicators such as institutional support, academic recognition, day-to-day practitioner validation, and industrial adoption. Based on these new credibility indicators, we construct a classification scheme designed to guide the selection of ontologies that are relevant to specific security needs. We then apply this framework to a concrete use case: the Franco-Luxembourgish research project ANCILE, which illustrates how a credibility-aware evaluation can reshape ontology selection for operational contexts.