Mining security events helps with better precautionary planning for community safety. However, incident records are expressed in diverse and application-dependent formats, which impedes common comprehension for automatic knowledge extraction and reasoning. In this paper, we present the Security Incident Ontology (SIO), a novel lightweight domain ontology for security incidents. We use Timeline to annotate the temporal facts of incidents and adopt Event to represent any security issue, from indecent behavior to assault to more adverse crime, that raises the security alarm in a community. It will present a unique way for security incident detectors, such as a police officer, Robocops, or intelligent CCTV cameras, to report security events. We use SIO to populate security incident notifications of Integrated Risk Management (IRM) at Ryerson University to evaluate its competency, since the Ryerson University campus has both business and housing areas in the vicinity and encompasses not only a high rate but also a wide variety of security issues. SIO is developed in OWL 2 with Protégé.
SEKE15: An ontology for describing security events
3. Assault with a Weapon (Ink Pen)
Incident Details:
On Monday November 03, 2014, at approximately 11:45 AM, Ryerson Security &
Emergency Services were made aware of the following incident: Approximately forty-five
minutes earlier, the victim, a Ryerson community member, was approached by the
subject on the 8th floor of the Ted Rogers School of Management (TRS) building, on the
north end of the east corridor, near to the escalators. The victim noticed ... The subject
then raised and swung his arm downward towards the victim with a pen in his hand...
The subject was last observed exiting the Ted Rogers School of Management (TRS)
building at approximately 11:05 PM and walking eastbound on the south sidewalk of
Dundas Street east. Ryerson University Security & Emergency Services conducted
safety planning with the victim and a patrol of the area, but did not locate a person
matching the subject's description. The victim reported no physical injuries, declined
medical attention, and did not want Toronto Police Services involved at this time.
Suspect information: Male, approximately 20-25 years of age, light/fair complexion, short black hair in a brush cut, wearing blue jeans, a dark-green long-sleeved shirt, beige shoulder bag, black running shoes with white soles, and eye glasses
8. Available on the web (whatever format) but with an open license, to be Open Data
Available as machine-readable structured data (e.g. Excel instead of an image scan of a table)
Non-proprietary format (e.g. CSV instead of Excel)
Use open standards from W3C (RDF and SPARQL) to identify things, so that people can point at your stuff
Link your data to other people's data to provide context
Ontology
http://semionet.rnet.ryerson.ca/ontologies/sio.owl
Virtuoso Endpoint
http://141.117.3.88:8890/sparql
Graph IRI
http://ls3.rnet.ryerson.ca/SecurityIncident/test
9. Train & Build a NER for Security Events Text
Improve the Quality of the SIO
- Provenance
- Anonymization
- Documentation
Register to LOD Cloud
#3: Ryerson University believes an informed community is a safer one. The Integrated Risk Management (IRM) system notifies all Ryerson staff, students, faculty and alumni (who have graduated within the past five years) through security incident alarms, which are delivered directly via email [12]. Because the urban campus is located in the downtown center of Toronto, the most populous, yet commercial capital city in Canada [13], such a system seems indispensable to continually enhance the safety and security of the community. Toronto Police Service (TPS) provides several mailing lists that citizens of different divisions can sign up for to be kept up to date on current happenings across the city and in their community.
#4: Each notification includes temporal facts of the incident, location, victim and suspect details, and a brief account of the whole event.
#7: NER (Named Entity Recognizer): works properly on a general text corpus but will fail in our domain-specific context. (7-class model trained: Time, Location, Organization, Person, Money, Percent, Date)
#8: foaf: Friend of a Friend
wn: WordNet
time: Timeline
#10: Since incident information will come from different sources, the ontology should be enriched with provenance information; there are some ontologies for modeling provenance that can be used (e.g., W3C PROV-O).
There is also the problem of anonymization (in order not to disclose personal information) and its effects on the ontology or the data to be represented.
In order to publish the ontology, the authors should use the ontology URI (without file extension) and properly configure content negotiation. Furthermore, the ontology classes and properties must be documented.
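The provenance and anonymization points in note #10, as an added example (not code from the paper or the SIO project): it serializes one constructed notification to Turtle with PROV-O provenance and a keyed pseudonym in place of the victim's identifier. It assumes Event and Timeline are the C4DM vocabularies; the `ex:` namespace, the `ex:victim` property and all record fields are hypothetical.

```python
import hashlib
import hmac

PREFIXES = (
    "@prefix event: <http://purl.org/NET/c4dm/event.owl#> .\n"    # assumed Event vocabulary
    "@prefix tl: <http://purl.org/NET/c4dm/timeline.owl#> .\n"    # assumed Timeline vocabulary
    "@prefix prov: <http://www.w3.org/ns/prov#> .\n"
    "@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .\n"
    "@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .\n"
    "@prefix ex: <http://example.org/incident/> .\n"              # hypothetical namespace
)

# Constructed sample record; field names are hypothetical.
SAMPLE = {
    "id": "inc-2014-001",
    "type": "Assault with a Weapon",
    "when": "2014-11-03T11:45:00",
    "place": "Ted Rogers School of Management, 8th floor",
    "victim_email": "victim@example.org",
    "source": "http://example.org/notifications/inc-2014-001",
    "reporter": "http://example.org/org/security-services",
}

def pseudonym(key: bytes, identifier: str) -> str:
    """Keyed pseudonym: stable per person, not recomputable without the key."""
    norm = identifier.strip().lower().encode("utf-8")
    return hmac.new(key, norm, hashlib.sha256).hexdigest()[:16]

def lit(text: str) -> str:
    """Escape a string as a Turtle literal."""
    esc = text.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")
    return f'"{esc}"'

def to_turtle(rec: dict, key: bytes) -> str:
    """Serialize one incident; the raw victim identifier is never emitted."""
    inc = f"ex:{rec['id']}"
    victim = f"ex:person-{pseudonym(key, rec['victim_email'])}"
    return PREFIXES + "\n".join([
        f"{inc} a event:Event, prov:Entity ;",
        f"    rdfs:label {lit(rec['type'])} ;",
        f"    event:place [ rdfs:label {lit(rec['place'])} ] ;",
        f"    event:time [ a tl:Instant ; tl:at {lit(rec['when'])}^^xsd:dateTime ] ;",
        f"    ex:victim {victim} ;",  # hypothetical property
        f"    prov:wasDerivedFrom <{rec['source']}> ;",
        f"    prov:wasAttributedTo <{rec['reporter']}> .",
    ]) + "\n"

if __name__ == "__main__":
    print(to_turtle(SAMPLE, b"constructed-demo-key"))
```

A plain unkeyed hash of an email address can be recomputed by anyone who guesses the address, which is why the pseudonym is keyed; the key stays with the publisher and is never part of the published graph.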