GC-PTransE: multi-step attack inference method based on graph convolutional neural network and translation embedding

GC-PTransE: multi-step attack inference method based on graph convolutional neural network and translation embedding

연구 분야: Databases

학회: Knowledge and Information Systems

Due to the increasing complexity of cyberattacks, their varied and complex methods pose risks to individuals, organizations, and governments, making the prediction of complex, multi-step cyberattacks a crucial aspect of cyberdefense. However, current methods for predicting cyberattacks mostly focus on single-query, single-step link scenarios and only consider direct relationships between entities, overlooking the complex inference patterns embedded within cyberattack graphs. Consequently, this paper proposes a multi-step attack inference method called GC-PTransE, based on graph convolutional neural networks and translational embedding. By classifying and embedding knowledge graphs of cyberattacks, it effectively represents entities and their relationships, uncovers hidden associations in multi-hop paths, and accurately predicts cyberattack scenarios. The method first classifies cyberattack data using graph convolutional neural networks (GCN) and then embeds the symbolic and descriptive information of cyberattack entities into a low-dimensional continuous vector space using PTransE. It navigates the graph structure data along the paths of triples to identify entities and relationships in cyberattack scenarios. Using the PCRA algorithm, it assigns a confidence level to each path and selects paths based on their confidence levels. It combines path relationships and scores the energy of new triples to predict outcomes, further completing the cyberattack knowledge graph. Based on our constructed dataset, the proposed method was evaluated, and the experimental results show that this technique significantly improves accuracy in inference prediction compared to other embedding inference models. Comparisons with real cyberattack knowledge demonstrate the effectiveness of this method.