Research field: Databases
Conference: International Conference on Network Simulation and Evaluation
With the fast development of information technologies, cyberspace security has received attention from many areas. Attackers leverage a diverse range of tactics, such as exploits, weakness discovery, and sophisticated attacks, with the intent to gain unauthorized access to targeted systems, while defenders can detect the potential attacks through heterogeneous sources of threat clues. Public cyber threat databases such as the Common Attack Pattern Enumeration and Classification (CAPEC), Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Platform Enumeration (CPE) provide a rich repository of security-related entities and relations. These databases are pivotal in enhancing the understanding of cyberspace security and conducting comprehensive analysis for defenders. However, these databases have rarely been semantically cross-analyzed, a crucial strategy in pinpointing missing threat patterns. We aggregate data from separate sources into a threat knowledge graph and develop a novel knowledge representation learning method called 4CKGE (CAPEC-CWE-CVE-CPE Knowledge Graph Embedding). We extract and utilize more in-depth structural and textual information to be able to predict correlations between security entities such as products, vulnerabilities, weaknesses and attack patterns. Through extensive experiments, our proposed approach outperforms existing state-of-the-art methods for effectively predicting the relations between security entities. The experimental results validate the effectiveness of our cyber threat knowledge graph in discovering concealed relations, highlighting its potential to fortify cybersecurity countermeasures.
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra, China |
| Site | Springer |