{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T12:10:36Z","timestamp":1774959036031,"version":"3.50.1"},"reference-count":63,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2020,10,1]],"date-time":"2020-10-01T00:00:00Z","timestamp":1601510400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,10,1]],"date-time":"2020-10-01T00:00:00Z","timestamp":1601510400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecur"],"published-print":{"date-parts":[[2020,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Threat modeling is of increasing importance to IT security, and it is a complex and resource demanding task. The aim of automating threat modeling is to simplify model creation by using data that are already available. However, the collected data often lack context; this can make the automated models less precise in terms of domain knowledge than those created by an expert human modeler. The lack of domain knowledge in modeling automation can be addressed with ontologies. In this paper, we introduce an ontology framework to improve automatic threat modeling. The framework is developed with conceptual modeling and validated using three different datasets: a small scale utility lab, water utility control network, and university IT environment. The framework produced successful results such as standardizing input sources, removing duplicate name entries, and grouping application software more logically.<\/jats:p>","DOI":"10.1186\/s42400-020-00060-8","type":"journal-article","created":{"date-parts":[[2020,10,1]],"date-time":"2020-10-01T00:02:37Z","timestamp":1601510557000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":35,"title":["Automating threat modeling using an ontology framework"],"prefix":"10.1186","volume":"3","author":[{"given":"Margus","family":"V\u00e4lja","sequence":"first","affiliation":[]},{"given":"Fredrik","family":"Heiding","sequence":"additional","affiliation":[]},{"given":"Ulrik","family":"Franke","sequence":"additional","affiliation":[]},{"given":"Robert","family":"Lagerstr\u00f6m","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,10,1]]},"reference":[{"key":"60_CR1","first-page":"141","volume-title":"Enterprise modelling and information systems architectures : Proceedings of the 3rd international workshop on enterprise modelling and information systems architectures. vol. LNI P-152","author":"S Aier","year":"2009","unstructured":"Aier, S, Buckl S, Franke U, Gleichauf B, Johnson P, N\u00e4rman P, Schweda CM, Ullberg J (2009) A survival analysis of application life spans based on enterprise architecture models. In: Mendling J, Rinderle-Ma S, Esswein W (eds)Enterprise modelling and information systems architectures : Proceedings of the 3rd international workshop on enterprise modelling and information systems architectures. vol. LNI P-152, 141\u2013154.. Gesellschaft f\u00fcr Informatik, Bonn."},{"key":"60_CR2","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1007\/978-3-642-01915-9_5","volume-title":"Advances in Enterprise Engineering III","author":"S Aier","year":"2009","unstructured":"Aier, S, Gleichauf B, Saat J, Winter R (2009) Complexity levels of representing dynamics in ea planning. In: Albani A, Barjis J, Dietz JLG (eds)Advances in Enterprise Engineering III, 55\u201369.. Springer, Berlin."},{"key":"60_CR3","doi-asserted-by":"crossref","first-page":"290","DOI":"10.1109\/CSF.2010.27","volume-title":"23rd IEEE Computer Security Foundations Symposium","author":"D Akhawe","year":"2010","unstructured":"Akhawe, D, Barth A, Lam PE, Mitchell J, Song D (2010) Towards a formal foundation of web security In: 23rd IEEE Computer Security Foundations Symposium, 290\u2013304.. IEEE, Edinburgh."},{"key":"60_CR4","doi-asserted-by":"crossref","unstructured":"Antunes, G, Bakhshandeh M, Mayer R, Borbinha J, Caetano A (2014) Using ontologies for enterprise architecture integration and analysis. Compl Syst Informa Model Q 1(1):1\u201323. https:\/\/doi.org\/10.7250\/csimq.2014-1.01 https:\/\/www.ingentaconnect.com\/content\/doaj\/22559922\/2014\/00000001\/00000001\/art00001.","DOI":"10.7250\/csimq.2014-1.01"},{"key":"60_CR5","doi-asserted-by":"publisher","first-page":"4536","DOI":"10.1109\/HICSS.2016.564","volume-title":"49th Hawaii International Conference on System Sciences (HICSS)","author":"G Antunes","year":"2016","unstructured":"Antunes, G, Borbinha J, Caetano A (2016) An application of semantic techniques to the analysis of enterprise architecture models In: 49th Hawaii International Conference on System Sciences (HICSS), 4536\u20134545.. IEEE, Honolulu. https:\/\/doi.org\/10.1109\/HICSS.2016.564."},{"key":"60_CR6","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1109\/EDOCW.2014.43","volume-title":"IEEE 18th International Enterprise Distributed Object Computing Conference Workshops and Demonstrations","author":"C Antunes","year":"2014","unstructured":"Antunes, C, Caetano A, Borbinha J (2014) Enterprise architecture model analysis using description logics In: IEEE 18th International Enterprise Distributed Object Computing Conference Workshops and Demonstrations, 237\u2013244.. IEEE, Ulm. https:\/\/doi.org\/10.1109\/EDOCW.2014.43."},{"key":"60_CR7","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1109\/SYSOSE.2015.7151918","volume-title":"10th System of Systems Engineering Conference (SoSE)","author":"J Axelsson","year":"2015","unstructured":"Axelsson, J (2015) A systematic mapping of the research literature on system-of-systems engineering In: 10th System of Systems Engineering Conference (SoSE), 18\u201323.. IEEE, San Antonio. https:\/\/doi.org\/10.1109\/SYSOSE.2015.7151918."},{"key":"60_CR8","doi-asserted-by":"crossref","first-page":"012031","DOI":"10.1088\/1742-6596\/1441\/1\/012031","volume":"1441","author":"II Barankova","year":"2020","unstructured":"Barankova, II, Mikhailova UV, Afanaseva MV (2020) Minimizing information security risks based on security threat modeling. J Phys Conf Ser 1441:012031.","journal-title":"J Phys Conf Ser"},{"key":"60_CR9","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1109\/CSMR.2013.37","volume-title":"17th European conference on software maintenance and reengineering","author":"BJ Berger","year":"2013","unstructured":"Berger, BJ, Sohr K, Koschke R (2013) Extracting and analyzing the implemented security architecture of business applications In: 17th European conference on software maintenance and reengineering, 285\u2013294.. IEEE, Genova. https:\/\/doi.org\/10.1109\/CSMR.2013.37."},{"key":"60_CR10","first-page":"1","volume-title":"Proceedings of the 7th international conference on management of computational and collective intelligence in digital ecosystems. MEDES \u201915","author":"EG Caldarola","year":"2015","unstructured":"Caldarola, EG, Picariello A, Rinaldi AM (2015) An approach to ontology integration for ontology reuse in knowledge based digital ecosystems In: Proceedings of the 7th international conference on management of computational and collective intelligence in digital ecosystems. MEDES \u201915, 1\u20138.. ACM, New York. https:\/\/doi.org\/2857218.2857219."},{"key":"60_CR11","doi-asserted-by":"crossref","unstructured":"Cardenas, AA, Roosta T, Sastry S (2009) Rethinking security properties, threat models, and the design space in sensor networks: A case study in scada systems. Ad Hoc Netw 7(8):1434\u20131447. https:\/\/doi.org\/10.1016\/j.adhoc.2009.04.012 http:\/\/www.sciencedirect.com\/science\/article\/pii\/S1570870509000468, privacy and Security in Wireless Sensor and Ad Hoc Networks.","DOI":"10.1016\/j.adhoc.2009.04.012"},{"key":"60_CR12","doi-asserted-by":"publisher","first-page":"213","DOI":"10.7494\/csci.2019.20.2.3191","volume":"20","author":"FO Catak","year":"2019","unstructured":"Catak, FO, Yilmaz M, Gul E (2019) Sensor based cyber attack detections in critical infrastructures using deep learning algorithms. Comput Sci 20:213. https:\/\/doi.org\/10.7494\/csci.2019.20.2.3191.","journal-title":"Comput Sci"},{"key":"60_CR13","doi-asserted-by":"publisher","first-page":"127","DOI":"10.5220\/0005822501270134","volume-title":"Proceedings of the 18th international conference on enterprise information systems. ICEIS","author":"S. d Cesare","year":"2016","unstructured":"Cesare, S. d, Foy G, Lycett M (2016) 4d-setl In: Proceedings of the 18th international conference on enterprise information systems. ICEIS, 127\u2013134.. SCITEPRESS - Science and Technology Publications, Lda, Portugal. https:\/\/doi.org\/10.5220\/0005822501270134."},{"key":"60_CR14","doi-asserted-by":"publisher","unstructured":"Chen, Y, Boehm B, Sheppard L (2007) Value driven security threat modeling based on attack path analysis In: 40th Annual Hawaii International Conference on System Sciences (HICSS\u201907), 280a. https:\/\/doi.org\/10.1109\/HICSS.2007.601.","DOI":"10.1109\/HICSS.2007.601"},{"key":"60_CR15","doi-asserted-by":"crossref","first-page":"23","DOI":"10.46354\/i3m.2019.dhss.004","volume-title":"9th International Defense and Homeland Security Simulation Workshop, DHSS 2019","author":"B Chhaya","year":"2019","unstructured":"Chhaya, B, Jafer S, Proietti P, Marco BD (2019) An ontology for threat modeling and simulation of small unmanned aerial vehicles In: 9th International Defense and Homeland Security Simulation Workshop, DHSS 2019, 23\u201328.. Springer, Cham."},{"issue":"4","key":"60_CR16","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1109\/MSP.2011.47","volume":"9","author":"D Dhillon","year":"2011","unstructured":"Dhillon, D (2011) Developer-driven threat modeling: Lessons learned in the trenches. IEEE Secur Priv 9(4):41\u201347.","journal-title":"IEEE Secur Priv"},{"key":"60_CR17","doi-asserted-by":"crossref","first-page":"249","DOI":"10.1007\/11961635_17","volume":"4332","author":"A Ekelhart","year":"2006","unstructured":"Ekelhart, A, Fenz S, Klemen MD, Weippl ER (2006) Security ontology: Simulating threats to corporate assets, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). International Conference on Information Systems Security 4332:249\u2013259. LNCS cited By :20.","journal-title":"International Conference on Information Systems Security"},{"key":"60_CR18","doi-asserted-by":"crossref","first-page":"152","DOI":"10.1109\/EDOCW.2015.40","volume-title":"IEEE 19th International Enterprise Distributed Object Computing Workshop","author":"M Ekstedt","year":"2015","unstructured":"Ekstedt, M, Johnson P, Lagerstr\u00f6m R, Gorton D, Nydr\u00e9n J, Shahzad K (2015) Securi cad by foreseeti: A cad tool for enterprise cyber security management In: IEEE 19th International Enterprise Distributed Object Computing Workshop, 152\u2013155.. IEEE, Adelaide."},{"key":"60_CR19","first-page":"14","volume-title":"Proceedings of the 4th international conference on ontology and semantic web patterns-volume 1188","author":"RA Falbo","year":"2013","unstructured":"Falbo, RA, Guizzardi G, Gangemi A, Presutti V (2013) Ontology patterns: clarifying concepts and terminology In: Proceedings of the 4th international conference on ontology and semantic web patterns-volume 1188, 14\u201326.. CEUR-WS. org, Aachen."},{"key":"60_CR20","volume-title":"13th International Conference on Enterprise Information Systems (ICEIS)","author":"M Farwick","year":"2011","unstructured":"Farwick, M, Agreiter B, Breu R, Ryll S, Voges K, Hanschke I (2011) Requirements for automated enterprise architecture model maintenance In: 13th International Conference on Enterprise Information Systems (ICEIS).. SciTePress - Science and and Technology Publications, Beijing."},{"key":"60_CR21","doi-asserted-by":"crossref","first-page":"3868","DOI":"10.1109\/HICSS.2013.200","volume-title":"System sciences (HICSS) 2013 46th hawaii international conference on","author":"M Farwick","year":"2013","unstructured":"Farwick, M, Breu R, Hauder M, Roth S, Matthes F (2013) Enterprise architecture documentation: Empirical analysis of information sources for automation In: System sciences (HICSS) 2013 46th hawaii international conference on, 3868\u20133877.. IEEE, Wailea."},{"key":"60_CR22","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1109\/EDOCW.2014.38","volume-title":"2014 IEEE 18th international enterprise distributed object computing conference workshops and demonstrations","author":"H Florez","year":"2014","unstructured":"Florez, H, Snchez M, Villalobos J (2014) iarchimate: A tool for managing imperfection in enterprise models In: 2014 IEEE 18th international enterprise distributed object computing conference workshops and demonstrations, 201\u2013210.. IEEE, Ulm. https:\/\/doi.org\/10.1109\/EDOCW.2014.38."},{"key":"60_CR23","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1007\/978-3-540-92673-3_10","volume-title":"Handbook on ontologies","author":"A Gangemi","year":"2009","unstructured":"Gangemi, A, Presutti V (2009) Ontology design patterns In: Handbook on ontologies, 221\u2013243.. Springer, Berlin."},{"key":"60_CR24","doi-asserted-by":"crossref","first-page":"1055","DOI":"10.1007\/978-981-13-6508-9_128","volume":"517","author":"L Gong","year":"2020","unstructured":"Gong, L, Tian Y (2020) Threat modeling for cyber range: an ontology-based approach. Lect Notes Electr Eng 517:1055\u20131062.","journal-title":"Lect Notes Electr Eng"},{"key":"60_CR25","doi-asserted-by":"crossref","unstructured":"Gruber, TR (1995) Toward principles for the design of ontologies used for knowledge sharing?Int J Hum-Comput Stud 43(5):907\u2013928. https:\/\/doi.org\/10.1006\/ijhc.1995.1081 http:\/\/www.sciencedirect.com\/science\/article\/pii\/S1071581985710816.","DOI":"10.1006\/ijhc.1995.1081"},{"key":"60_CR26","first-page":"65","volume-title":"Conceptual Modeling \u2014 ER","author":"G Guizzardi","year":"2003","unstructured":"Guizzardi, G, Herre H, Wagner G (2003) On the general ontological foundations of conceptual modeling. In: Spaccapietra S, March ST, Kambayashi Y (eds)Conceptual Modeling \u2014 ER, 65\u201378.. Springer Berlin Heidelberg, Berlin, Heidelberg."},{"key":"60_CR27","first-page":"112","volume-title":"Advanced Information Systems Engineering","author":"G Guizzardi","year":"2004","unstructured":"Guizzardi, G, Wagner G, Guarino N, van Sinderen M (2004) An ontologically well-founded profile for uml conceptual models. In: Persson A Stirna J (eds)Advanced Information Systems Engineering, 112\u2013126.. Springer Berlin Heidelberg, Berlin, Heidelberg."},{"key":"60_CR28","doi-asserted-by":"crossref","unstructured":"Hinkelmann, K, Gerber A, Karagiannis D, Thoenssen B, Van der Merwe A, Woitsch R (2016) A new paradigm for the continuous alignment of business and IT: Combining enterprise architecture modelling and enterprise ontology. Comput Ind 79:77\u201386.","DOI":"10.1016\/j.compind.2015.07.009"},{"key":"60_CR29","volume-title":"On using conceptual data modeling for ontology engineering","author":"M Jarrar","year":"2003","unstructured":"Jarrar, M, Demey J, Meersman R (2003) On using conceptual data modeling for ontology engineering. Springer Berlin Heidelberg, Berlin, Heidelberg."},{"issue":"2","key":"60_CR30","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1109\/TST.2014.6787363","volume":"19","author":"R Jiang","year":"2014","unstructured":"Jiang, R, Lu R, Wang Y, Luo J, Shen C, Shen X (2014) Energy-theft detection issues for advanced metering infrastructure in smart grid. Tsinghua Sci Technol 19(2):105\u2013120. https:\/\/doi.org\/10.1109\/TST.2014.6787363.","journal-title":"Tsinghua Sci Technol"},{"key":"60_CR31","first-page":"1","volume-title":"Proceedings of the 13th International Conference on Availability, Reliability and Security - ARES 2018 the 13th International Conference","author":"P Johnson","year":"2018","unstructured":"Johnson, P, Lagerstrm R, Ekstedt M (2018) A meta language for threat modeling and attack simulations In: Proceedings of the 13th International Conference on Availability, Reliability and Security - ARES 2018 the 13th International Conference, 1\u20138.. ACM Press, Hamburg."},{"key":"60_CR32","volume-title":"It management with enterprise architecture","author":"P Johnson","year":"2014","unstructured":"Johnson, P, Lagerstr\u00f6m R, Ekstedt M, \u00d6sterlind M (2014) It management with enterprise architecture. KTH, Stockholm."},{"issue":"3","key":"60_CR33","doi-asserted-by":"crossref","first-page":"30","DOI":"10.4304\/jsw.2.3.30-42","volume":"2","author":"P Johnson","year":"2007","unstructured":"Johnson, P, Lagerstr\u00f6m R, N\u00e4rman P, Simonsson M (2007) Extended influence diagrams for system quality analysis. J Softw 2(3):30\u201342.","journal-title":"J Softw"},{"key":"60_CR34","first-page":"41","volume":"2","author":"ED Knapp","year":"2014","unstructured":"Knapp, ED, Langill JT (2014) Industrial network security: securing critical infrastructure networks for smart grid, scada, and other industrial control systems. Syngress 2:41\u201384.","journal-title":"Syngress"},{"key":"60_CR35","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1145\/3055386.3055393","volume-title":"Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids","author":"M Korman","year":"2017","unstructured":"Korman, M, V\u00e4lja M, Bj\u00f6rkman G, Ekstedt M, Vernotte A, Lagerstr\u00f6m R (2017) Analyzing the effectiveness of attack countermeasures in a scada system In: Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, 73\u201378.. Association for Computing Machinery, New York."},{"issue":"6","key":"60_CR36","first-page":"21","volume":"28","author":"AJ Kornecki","year":"2015","unstructured":"Kornecki, AJ, Janusz Z (2015) Threat modeling for aviation computer security. CrossTalk 28(6):21\u201327.","journal-title":"CrossTalk"},{"key":"60_CR37","first-page":"369","volume":"11252","author":"B Krumay","year":"2018","unstructured":"Krumay, B, Bernroider E, Walser R (2018) Evaluation of Cybersecurity Management Controls and Metrics of Critical Infrastructures: A Literature Review Considering the NIST Cybersecurity Framework: 23rd Nordic Conference, NordSec 2018, Oslo, Norway, November 28-30, 2018. Proceedings 11252:369\u2013384.","journal-title":"Proceedings"},{"issue":"4","key":"60_CR38","doi-asserted-by":"crossref","first-page":"437","DOI":"10.1007\/s11219-010-9100-0","volume":"18","author":"R Lagerstr\u00f6m","year":"2010","unstructured":"Lagerstr\u00f6m, R, Johnson P, Ekstedt M (2010) Architecture analysis of enterprise systems modifiability: a metamodel for software change cost estimation. Softw Qual J 18(4):437\u2013468.","journal-title":"Softw Qual J"},{"issue":"4","key":"60_CR39","doi-asserted-by":"crossref","first-page":"205","DOI":"10.1016\/j.aei.2005.01.005","volume":"18","author":"MM Lankhorst","year":"2004","unstructured":"Lankhorst, MM, van Buuren R, van Leeuwen D, Jonkers H, ter Doest H (2004) Enterprise architecture modelling \u2013 the issue of integration. Adv Eng Inform 18(4):205\u2013216.","journal-title":"Adv Eng Inform"},{"key":"60_CR40","first-page":"303","volume-title":"ACM International conference proceeding series","author":"R Luh","year":"2016","unstructured":"Luh, R, Schrittwieser S, Marschalek S (2016) Taon: An ontology-based approach to mitigating targeted attacks In: ACM International conference proceeding series, 303\u2013312.. Association for Computing Machinery, New York. cited By :2."},{"issue":"2","key":"60_CR41","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1109\/5254.920602","volume":"16","author":"A Maedche","year":"2001","unstructured":"Maedche, A, Staab S (2001) Ontology learning for the semantic web. IEEE Intell Syst 16(2):72\u201379. https:\/\/doi.org\/10.1109\/5254.920602.","journal-title":"IEEE Intell Syst"},{"issue":"2","key":"60_CR42","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1109\/5254.920602","volume":"16","author":"A Maedche","year":"2001","unstructured":"Maedche, A, Staab S (2001) Ontology learning for the semantic web. IEEE Intell Syst 16(2):72\u201379.","journal-title":"IEEE Intell Syst"},{"key":"60_CR43","volume-title":"Ontology learning","author":"A Maedche","year":"2004","unstructured":"Maedche, A, Staab S (2004) Ontology learning. Springer Berlin Heidelberg, Berlin, Heidelberg."},{"issue":"2","key":"60_CR44","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1002\/spe.2111","volume":"43","author":"A Marback","year":"2013","unstructured":"Marback, A, Do H, He K, Kondamarri S, Xu D (2013) A threat model-based approach to security testing. Softw Pract Experience 43(2):241\u2013258. cited By :28.","journal-title":"Softw Pract Experience"},{"key":"60_CR45","volume-title":"ACM International Conference Proceeding Series","author":"S Marksteiner","year":"2019","unstructured":"Marksteiner, S, Ramler R, Sochor H (2019) Integrating threat modeling and automated test case generation into industrialized software security testing In: ACM International Conference Proceeding Series.. ACM Press, New York."},{"issue":"11","key":"60_CR46","doi-asserted-by":"crossref","first-page":"1670","DOI":"10.1002\/sec.863","volume":"7","author":"S Moral-Garca","year":"2014","unstructured":"Moral-Garca, S, Moral-Rubio S, Rosado DG, Fernndez EB, Fernndez-Medina E (2014) Enterprise security pattern: A new type of security pattern. Secur Commun Netw 7(11):1670\u20131690. cited By :7.","journal-title":"Secur Commun Netw"},{"key":"60_CR47","doi-asserted-by":"publisher","first-page":"3104","DOI":"10.1109\/TSG.2015.2409775","volume":"6","author":"S Pan","year":"2015","unstructured":"Pan, S, Morris T, Adhikari U (2015) Developing a hybrid intrusion detection system using data mining for power systems. IEEE Trans Smart Grid 6:3104\u20133113. https:\/\/doi.org\/10.1109\/TSG.2015.2409775.","journal-title":"IEEE Trans Smart Grid"},{"key":"60_CR48","first-page":"127","volume-title":"World Congress on Internet Security (WorldCIS-2012)","author":"P Patil","year":"2012","unstructured":"Patil, P, Pawar S (2012) Remote agent based automated framework for threat modelling, vulnerability testing of soa solutions and web services In: World Congress on Internet Security (WorldCIS-2012), 127\u2013131.. IEEE, Guelph."},{"issue":"2","key":"60_CR49","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/MNET.2004.1276605","volume":"18","author":"D Pei","year":"2004","unstructured":"Pei, D, Zhang L, Massey D (2004) A framework for resilient internet routing protocols. IEEE Network 18(2):5\u201312. cited By :17.","journal-title":"IEEE Network"},{"issue":"4","key":"60_CR50","doi-asserted-by":"publisher","first-page":"441","DOI":"10.1007\/s10115-003-0138-1","volume":"6","author":"HS Pinto","year":"2004","unstructured":"Pinto, HS, Martins JP (2004) Ontologies: How can they be built?Knowl Inf Syst 6(4):441\u2013464. https:\/\/doi.org\/10.1007\/s10115-003-0138-1.","journal-title":"Knowl Inf Syst"},{"key":"60_CR51","volume-title":"European Conference on Information Systems (ECIS), International.","author":"B Pittl","year":"2017","unstructured":"Pittl, B, Fill HG, Honegger G (2017) Enabling risk-aware enterprise modeling using semantic annotations and visual rules In: European Conference on Information Systems (ECIS), International.. AIS, Guimar\u00e3es."},{"issue":"4","key":"60_CR52","first-page":"3","volume":"23","author":"E Rahm","year":"2000","unstructured":"Rahm, E, Do HH (2000) Data cleaning: Problems and current approaches. IEEE Data Eng Bull 23(4):3\u201313.","journal-title":"IEEE Data Eng Bull"},{"key":"60_CR53","volume-title":"Wirtschaftsinformatik Proceedings","author":"S Roth","year":"2013","unstructured":"Roth, S, Hauder M, Farwick M, Breu R, Matthes F (2013) Enterprise architecture documentation: Current practices and future directions In: Wirtschaftsinformatik Proceedings.. AIS, Leipzig."},{"issue":"3","key":"60_CR54","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1109\/MP.2004.1341780","volume":"23","author":"H Tu","year":"2004","unstructured":"Satnam Singh, Tu H, Allanach J, Areta J, Willett P, Krishna Pattipati (2004) Modeling threats. IEEE Potentials 23(3):18\u201321.","journal-title":"IEEE Potentials"},{"issue":"5","key":"60_CR55","doi-asserted-by":"publisher","first-page":"599","DOI":"10.1057\/palgrave.ejis.3000683","volume":"16","author":"P Soffer","year":"2007","unstructured":"Soffer, P, Hadar I (2007) Applying ontology-based rules to conceptual modeling: a reflection on modeling decision making. Eur J Inf Syst 16(5):599\u2013611. https:\/\/doi.org\/10.1057\/palgrave.ejis.3000683.","journal-title":"Eur J Inf Syst"},{"key":"60_CR56","doi-asserted-by":"crossref","unstructured":"Song, F, Zacharewicz G, Chen D (2013) An ontology-driven framework towards building enterprise semantic information layer. Adv Eng Inform 27(1):38\u201350. https:\/\/doi.org\/https:\/\/doi.org\/10.1016\/j.aei.2012.11.003 http:\/\/www.sciencedirect.com\/science\/article\/pii\/S1474034612001048, modeling, Extraction, and Transformation of Semantics in Computer Aided Engineering.","DOI":"10.1016\/j.aei.2012.11.003"},{"issue":"3","key":"60_CR57","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1109\/MSP.2010.110","volume":"8","author":"J Steven","year":"2010","unstructured":"Steven, J (2010) Threat modeling - perhaps it\u2019s time. IEEE Secur Priv 8(3):83\u201386. https:\/\/doi.org\/10.1109\/MSP.2010.110.","journal-title":"IEEE Secur Priv"},{"issue":"5","key":"60_CR58","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1109\/MSP.2005.119","volume":"3","author":"P Torr","year":"2005","unstructured":"Torr, P (2005) Demystifying the threat modeling process. IEEE Secur Priv 3(5):66\u201370. https:\/\/doi.org\/10.1109\/MSP.2005.119.","journal-title":"IEEE Secur Priv"},{"key":"60_CR59","volume-title":"International Conference on Computer Systems and Technologies, CompSysTech. vol. 6","author":"O Vasilecas","year":"2006","unstructured":"Vasilecas, O, Bugaite D, Trinkunas J (2006) On approach for enterprise ontology transformation into conceptual model In: International Conference on Computer Systems and Technologies, CompSysTech. vol. 6.. Association for Computing Machinery, New York."},{"key":"60_CR60","doi-asserted-by":"crossref","first-page":"20","DOI":"10.7250\/csimq.2019-20.02","volume":"20","author":"M Vlja","year":"2019","unstructured":"Vlja, M, Lagerstrm R, Franke U, Ericsson G (2019) A framework for automatic it architecture modeling: Applying truth discovery. Complex Syst Inform Model Q 20:20\u201356.","journal-title":"Complex Syst Inform Model Q"},{"key":"60_CR61","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1016\/j.cose.2019.03.010","volume":"84","author":"W Xiong","year":"2019","unstructured":"Xiong, W, Lagerstrm R (2019) Threat modeling a systematic literature review. Comput Secur 84:53\u201369. cited By :5.","journal-title":"Comput Secur"},{"issue":"4","key":"60_CR62","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1109\/TSE.2006.40","volume":"32","author":"D Xu","year":"2006","unstructured":"Xu, D, Nygard KE (2006) Threat-driven modeling and verification of secure software using aspect-oriented petri nets. IEEE Trans Softw Eng 32(4):265\u2013278. cited By :112.","journal-title":"IEEE Trans Softw Eng"},{"issue":"4","key":"60_CR63","doi-asserted-by":"publisher","first-page":"526","DOI":"10.1109\/TDSC.2012.24","volume":"9","author":"D Xu","year":"2012","unstructured":"Xu, D, Tu M, Sanford M, Thomas L, Woodraska D, Xu W (2012) Automated security test generation with formal threat models. IEEE Trans Dependable Secure Comput 9(4):526\u2013540. https:\/\/doi.org\/10.1109\/TDSC.2012.24.","journal-title":"IEEE Trans Dependable Secure Comput"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-020-00060-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-020-00060-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-020-00060-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,1]],"date-time":"2021-10-01T02:32:37Z","timestamp":1633055557000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-020-00060-8"}},"subtitle":["Validated with data from critical infrastructures"],"short-title":[],"issued":{"date-parts":[[2020,10,1]]},"references-count":63,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2020,12]]}},"alternative-id":["60"],"URL":"https:\/\/doi.org\/10.1186\/s42400-020-00060-8","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,10,1]]},"assertion":[{"value":"13 May 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 September 2020","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 October 2020","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that they have no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"19"}}