We present ICAR, a mathematical framework derived from category theory for representing the cybersecurity ontologies of NIST and MITRE. Designed for cybersecurity, ICAR is a category whose objects are items of cybersecurity knowledge (weakness, vulnerability, impacted product, attack technique, etc.) and whose morphisms are the relations between those items that make sense for cybersecurity. Within this rigorous and unified framework, we obtain a knowledge graph capable of identifying the attack and weakness structures of an information system (IS), at the interface between description logics, database theory and cybersecurity. We then define ten cybersecurity queries to help understand the risks incurred by information systems and organise their defence.