Ontology and weighted D-S evidence theory-based vulnerability data fusion method

With the rapid development of high-speed and large-scale complex network, network vulnerability data presents the characteristics of massive, multi-source and heterogeneous, which makes data fusion become more complex. Although existing data fusion methods can fuse multi-source data, they do not consider that the multi-source data may affect the accuracy of fusion result. To solve this problem, we propose an ontology and weighted D-S evidence theory-based vulnerability data fusion method. In our method, we utilize ontology to describe the network vulnerability semantically and construct the network vulnerability ontology hierarchically. Then we use weighted D-S evidence theory to perform the operation of probability distribution and fusion processing. Besides, we simulate our method on MapReduce parallel computing platform. The experiment results show that our method is more effective and accurate compared with existing fusion approaches using single detection tool and traditional D-S evidence theory.