Nowadays ontologies are widely used, as a tool to describe the various domains. In the field of computer security ontologies are used in the semantic controlling access, build repositories, ets.

In the context of the problem studied in this paper, ontology is a description of a partially ordered set of concepts to be used by agents that detect security threats. The ontology should define a subset of the concepts that multi-agent subsystem agents use for cooperative solutions of tasks, and provide a basis for interaction of agents [1]. Each agent uses a specific fragment of the shared ontology. Each agent specialty reflects a subset of concepts, some of which may be shared by several agents. The ontology of multi-agent subsystem consists of the following concepts:

• Knowledge domain of agents providing security,
• Types of threats,
• Functioning of agents.

Knowledge domain of agents providing security sets functionality and areas of responsibility of each agent. Operation of agents includes the concept of agents interaction, which is an instrument of cooperation and communication and it is carried out by means of language. The interaction of multi-agent subsystem agents is constructed using the language of communication. On the basis of ontology it is created scenarios of agents behavior, it is determined the content of the agents knowledge base, which defines the actions of agents to find and eliminate security threats. Ontology structure of the multi-agent subsystem is shown in Fig. 1.

Fig. 1. The structure of the ontology of multi-agent subsystem analyzing user posts in social networks in order to identify security threats to society

To solve this problem, authors used Descriptions and Situations (DnS) ontology [3]. It is constructivist ontology [4]. The basis DnS constitutes a definition of the situation, description and state of affairs.

As a base for ontology was used ’ontologised’ dictionary WordNet 3.1. WordNet can be interpreted and used as a lexical ontology.

One of the possible variants of work of search agent with ontology. For example, the following post was published:

«Tell me, Will. Did you enjoy it? Your first murder? Of course you did. And why shouldn't it feel good? It does to God.»  («Red Dragon» film by Brett Ratner, 2002).

While analyzing the post the search agent will find the word murder which is pinged in the dictionary WordNet as unlawful premeditated killing of a human being by a human being (Fig.2) and that is relevant to the threat categories in the developed ontology and would mark this post as a potential threat, forming a corresponding report.

Fig. 2. The meaning of the word murder and its synonymic line in the WordNet dictionary

Multi-agent subsystem using the developed ontology was tested on the website for blogging on the basis of WordPress. Selection accuracy was about 75%. Errors made in the analysis of user posts, connected with the incomplete descriptions of security threats and the fact that not all the features of natural language were taken into account.

Conclusions

The developed ontology is universal and can be focused on any class of security threats. The authors plan to expand the developed ontology using the methods of psycholinguistics, with the aim of recognition of a class of threats, extend the capabilities of multi-agent subsystem agents and envisage the possibility of agents learning.

2. Task Taxonomies for Knowledge Content (2011), Available at: http://www.loa.istc.cnr.it/Papers/D07_v21a.pdf

3. Developing an ontology for semantic access control (2010), Available at: http://blog.vadimii.com/assets/files/rights-ont.pdf

4. Current version – WordNet – Current version (2013), Available: http://wordnet.princeton.edu/wordnet/download/current-version/