PAPO: A Phishing Attack Process Ontology

This repository hosts PAPO, a core ontology that aims to characterizes the process of phishing attack incidents by leveraging the Unified Foundational Ontology (UFO) and OntoUML. By addressing the ambiguities and inconsistencies in existing definitions of phishing attacks, PAPO seeks to support interoperability and clarity across various applications and facilitate phishing research.

PAPO ontologically unpacks our characterization of the phishing attack process as a complex event wherein: (1) a phisher impersonates a reputable agent, (2) exploits the target's trust in this agent, (3) aims to trick the target into taking the attacker's desired action, (4) offering supposedly plausible reasons for this behavior.

Repository permanent URL: http://w3id.org/phishing-process-ontology/git

Published HTML documenting PAPO OWL: https://italojsoliveira.github.io/phishing-process-ontology/

Project Structure

• /docs contains files for PAPO OWL documentation published at https://italojsoliveira.github.io/phishing-process-ontology/.
• /documentation contains a html document generated by this service explaining PAPO OWL. It serves as preliminary documentation and is published at the aforementioned URL.
• /ontouml contains files related to the conceptual version of PAPO, which is represented in OntoUML language.
  • The OntoUML model in VPP.
  • The OntoUML model serialized to JSON using OntoUML-Schema.
  • The images of the diagrams in JPEG, including an illustrative example in the UML Object Diagram.
  • /archive contains old versions of PAPO.
• /owl contains files related to the gUFO-based implementation of PAPO, represented in OWL.
• /resources will contain support files like logos, PDF files, etc.

Reusing .vpp files

• To open and edit VPP files, use Visual Paradigm.
• To open and edit TTL files, you can use Protégé.

Built with

• Visual Paradigm - a UML CASE tool that offers a free community edition version.
• The OntoUML Plugin for Visual Paradigm.

How to Cite

If you use this work in your research, please cite it as follows:

APA Style Citation:

Oliveira, Í., Wagner, G., Amaral, G., Sales, T. P., Bullée, J.-W., Junger, M., Sarmah, D. K., Daneva, M., & Guizzardi, G. (2025). An Ontological Model of the Phishing Attack Process. In: Guizzardi, R., Pufahl, L., Sturm, A., van der Aa, H. (eds) Enterprise, Business-Process and Information Systems Modeling. BPMDS EMMSAD 2025 2025. Lecture Notes in Business Information Processing, vol 558. Springer, Cham. https://doi.org/10.1007/978-3-031-95397-2_17

BibTeX Citation:

bibtex @inproceedings{oliveira2025ontological, title={An Ontological Model of the Phishing Attack Process}, author={Oliveira, {\'I}talo and Wagner, Gerd and Amaral, Glenda and Sales, Tiago Prince and Bull{\'e}e, Jan-Willem and Junger, Marianne and Sarmah, Dipti K and Daneva, Maya and Guizzardi, Giancarlo}, booktitle={International Conference on Business Process Modeling, Development and Support, International Conference on Evaluation and Modeling Methods for Systems Analysis and Development}, pages={274--289}, year={2025}, organization={Springer}, }

You can download the full paper here.

[!NOTE] This paper won the Best Paper Award at EMMSAD 2025.

How to Contribute

Contributions are welcome! If you would like to contribute, you can create Pull Requests (PRs) or open issues in the repository.

Authors

This work was developed by researchers from the Semantics, Cybersecurity & Services (SCS) Group, the Industrial Engineering & Business Information Systems (IEBIS) Group, University of Twente, The Netherlands, and the Institute of Informatics, Brandenburg University of Technology, Cottbus, Germany.

• Ítalo Oliveira
• Gerd Wagner
• Glenda Amaral
• Tiago Prince Sales
• Jan-Willem Bullée
• Marianne Junger
• Dipti K. Sarmah
• Maya Daneva
• Giancarlo Guizzardi