مدل معنایی حوزه امنیت اطلاعات: استخراج شبکه مفاهیم با رویکرد تحلیل انتشارات علمی و دلفی

هدف: ارائه مدل معنایی حوزه امنیت اطلاعات بر اساس شبکه مفاهیم، برای استفاده در هستی‌نگاری‌های دامنه است.روش‌شناسی: ترکیبی از روش‌های هم‌رخدادی واژگان، کتابخانه‌ای و دلفی استفاده شد. ابتدا با استفاده از تحلیل هم‌رخدادی واژگان، شبکه مفهومی 7547 مدرک علمی محققان حوزه امنیت اطلاعات، نمایه‌شده در پایگاه‌های اسکوپوس و وبگاه علوم در سال‌های 2013-2017 استخراج؛ سپس مدل معنایی جدید با استفاده از روش کتابخانه‌ای و تطبیق هفت مدل معنایی مرتبط با شبکه مفهومی ارائه، و در انتها با استفاده از تکنیک دلفی فازی میزان اجماع خبرگان دو حوزه علم اطلاعات و دانش‌شناسی و حوزه کامپیوتر مورد بررسی قرار گرفت.یافته‌ها: یافته‌ها نشان می‌دهد که شبکه مفهومی امنیت اطلاعات مستخرج از «وی.اُ.اس.ویوِر»، و «گِفی»، دارای 207 مفهوم مرجح و 2796 پیوند است. همچنین مدل معنایی دانش این حوزۀ بررسی‌شده توسط تحلیل عاملی تاییدی و مدل‌سازی ساختاری اسمارت پی ال اس دارای برازش کلی 0.710 و 11 رابطه معنایی تاییدشده در 5 کلاس اصلی، 6 زیرکلاس، و 71 مفهوم منتسب است.نتیجه‌گیری: شبکه مفهومی و همچنین مدل معنایی یافته‌شده در حوزه امنیت اطلاعات، قابل استنتاج در سیستم‌های اطلاعاتی و ماشین است و می‌توان با استفاده از این روش، هستی‌نگاری‌های دامنه سطح بالا، جهت بهینه‌سازی موتورهای جستجو ارائه کرد.

semantic model of information security: extracting conceptual network with analysis approach of scientific publications and delphi

purpose: considering the emergence and increasing expansion of various subject domains and the lack of a valid codified thesaurus, the main aim of this study is to provide a semantic model of information security based on a conceptual network for use in domain ontologies, so it is applied research.methodology: the research method is a combination of co-word analysis, library, and delphi methods. in the first stage, the conceptual network was extracted from 7547 scientific documents on information security using the co-words analysis method. these documents were indexed in the scopus databases and wos from 2013 to 2017. pre-processing operations on 19648 keywords and tags were done in a completely targeted manner by using five dictionaries in information security, and three dictionaries in computer science. with a minimum co-occurrence of 5 for each word in vos viewer, 207 preferred concepts were selected based on the latest version of the information security dictionary, and its conceptual network was mapped. by gephi, betweenness centrality, density, and clustering coefficient indices were checked. then in the second stage, for extracting a new semantic model, used the library method. so, seven related semantic models: security ontology, information security ontology, attack ontology, vulnerability ontology, existence - ontosec mapping, and threat taxonomy as well as the conceptual model of information systems security in libraries. these entities, classes, subclasses, relationships between them, concepts, and examples attributed to each class and subclass were studied and examined carefully. then, 207 conceptual network concepts were adapted to the common components of these models, and a new model was presented. finally, in third stage, using the fuzzy delphi technique, the consensus of experts in both fields of knowledge and information science (kis) and computer sciences was examined. using spss and kendall’s non-parametric test, the experts’ agreement coefficient about the classes and sub-classes, as well as their associated concepts, were investigated. 5 classes, 6 subclasses and also 71 concepts out of 97 common concepts with an agreement coefficient above 0.7 were obtained. finally, confirmatory factor analysis and smart pls structural modeling were used to check the correctness of the relationships governing the classes and subclasses in the conceptual model.findings: the main nodes and strong links in the conceptual network of information security include: information security, security, information system, privacy, telecommunication, information, intrusion detection system, cryptography, cyber security, authentication, network, risk, threat, and risk management framework. the extracted semantic model has a goodness of fitting (gof) of 0.710 and confirms 11 semantic relationships. these relationships include: requires level, diminish, threatens, exploited by, has source, uses of, lead to, attack, vulnerability on, implemented by, and reduce. also, it has 5 main classes, including information asset, security attribution, threat, vulnerability, and countermeasure. there are also 6 subclasses, which include threat source, access path (influence way), threat tools, and attack, all related to the threat class. additionally, there are technological countermeasures and organizational countermeasures, which are related to the countermeasure class. also, it was discovered that there are 71 attributive concepts, some of which include: password, smart card, user, integrity, hacker, malicious code, virus, distributed denial of service (ddos), risk management, backup, digital signature, penetration testing, antivirus, firewall, and so on.conclusion: the conceptual network and semantic model can be inferred in semantic systems and databases. this research can provide a new method for creating high-level ontologies to optimize search engines and reduce false dropping, as well as recover unwanted information.