Vulnerability Information Completion Based on Security Knowledge Graph and Reverse Features

doi:10.19678/j.issn.1000-3428.0067273

Abstract

Abstract:

The open-source network security knowledge base has become an effective source of vulnerability security reinforcement measures. However, because of the difficulty in heterogeneous information collaboration and historical information maintenance, the problem of missing vulnerability information in the open-source network security knowledge base has always existed. VulKGC-RN, a vulnerability information completion method based on security knowledge graph and reverse features, is proposed to address the issue of insufficient learning of different neighborhood features in existing methods for vulnerability information completion. This method constructs a vulnerability security knowledge graph that associates four types of open-source network security knowledge bases (CVE, CWE, CAPEC, and ATT & CK) to capture different neighborhood details. The network structure of security entities in the vulnerability security knowledge graph is analyzed, and reverse neighborhood information is captured using a reverse knowledge graph. A graph attention mechanism is adopted to learn different neighborhood features, and the role features of the forward and reverse neighborhoods of the security entities learned by the graph attention network are fused to complete the information of the vulnerability security knowledge graph. Experiments are conducted on an open-source network security dataset consisting of 5 types of 7 199 security entities and 15 types of 11 817 association relationships. The results show that VulKGC-RN achieves a Mean Ranking (MR) of 179 and a Mean Reciprocal Ranking (MRR) of 0.671 4, which is superior to those of the baseline method.

Key words: network security knowledge base, vulnerability, security knowledge graph, knowledge graph completion, graph attention network

摘要：

开源网络安全知识库已经成为弱点安全加固措施的有效来源，但是受异构信息协同难、历史信息维护难等因素影响，导致开源网络安全知识库弱点信息缺失。针对现有弱点信息补全方法对弱点信息不同邻域特征学习不充分的问题，提出一种基于安全知识图谱和逆向特征的弱点信息补全方法VulKGC-RN。为捕获不同邻域信息，构建关联CVE、CWE、CAPEC和ATT & CK 4类开源网络安全知识库的弱点安全知识图谱，并分析弱点安全知识图谱中安全实体的网络结构，采用逆向知识图谱捕获逆向邻域信息。为学习不同邻域特征，采用图注意力机制，并融合图注意力网络所学习安全实体的正向邻域和逆向邻域的角色特征，以实现弱点安全知识图谱的信息补全。在由5种7 199个安全实体和15种11 817条关联关系组成的开源网络安全数据集上进行实验，结果表明，VulKGC-RN的平均排名达到179，平均倒数排名达到0.671 4，优于基线方法。

关键词: 网络安全知识库, 漏洞弱点, 安全知识图谱, 知识图谱补全, 图注意力网络

Sha ZHOU, Guowei SHEN, Chun GUO. Vulnerability Information Completion Based on Security Knowledge Graph and Reverse Features[J]. Computer Engineering, 2024, 50(1): 145-155.

周莎, 申国伟, 郭春. 基于安全知识图谱与逆向特征的弱点信息补全[J]. 计算机工程, 2024, 50(1): 145-155.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0067273

http://www.ecice06.com/EN/Y2024/V50/I1/145

Figures/Tables 11

References 31

1	MITRE. Common vulnerabilities and exposures [EB/OL]. [2023-02-23]. https://www.cve.org/.
2	MITRE. Common weakness enumeration [EB/OL]. [2023-02-23]. https://cwe.mitre.org/index.html.
3	MITRE. Common attack pattern enumerations and classifications [EB/OL]. [2023-02-23]. https://capec.mitre.org/.
4	MITRE. Adversarial tactics, techniques, and common knowledge[EB/OL]. [2023-02-23]. https://attack.mitre.org/.
5	MITRE. CVE-2022-3001[EB/OL]. [2023-02-23]. https://nvd.nist.gov/vuln/detail/CVE-2022-3001.
6	MITRE. CWE-20[EB/OL]. [2023-02-23]. https://cwe.mitre.org/data/definitions/20.html.
7	MITRE. CAPEC-10[EB/OL]. [2023-02-23]. https://capec.mitre.org/data/definitions/10.html.
8	BRICKLEY D, GUHA R V, LAYMAN A. Resource description framework(RDF)schema specification[EB/OL]. [2023-02-23]. http://www.w3.org/TR/PR-rdf-schema, 1998.
9	MCGUINNESS D, VAN HARMELEN F. OWL Web ontology language overview. W3C Recommendation, 2004, 10(10): 2004.
10	DU X Y. A survey on ontology learning research. Journal of Software, 2006, 17(9): 1837. doi: 10.1360/jos171837
11	张凯, 刘京菊. 一种基于知识图谱的威胁路径生成方法. 计算机仿真, 2022, 39(4): 350- 356.
	ZHANG K, LIU J J. A threat path generation method based on knowledge graph. Computer Simulation, 2022, 39(4): 350- 356.
12	王硕, 王建华, 汤光明, 等. 一种智能高效的最优渗透路径生成方法. 计算机研究与发展, 2019, 56(5): 929- 941.
	WANG S, WANG J H, TANG G M, et al. Intelligent and efficient method for optimal penetration path generation. Journal of Computer Research and Development, 2019, 56(5): 929- 941.
13	杨艳丽, 宋礼鹏. 融合社交网络威胁的攻击图生成方法. 计算机工程, 2021, 47(5): 104- 116. URL
	YANG Y L, SONG L P. Attack graph generation method integrating social network threats. Computer Engineering, 2021, 47(5): 104- 116. URL
14	亓玉璐, 江荣, 荣星, 等. 基于网络安全知识图谱的天地一体化信息网络攻击研判框架. 天地一体化信息网络, 2021, 2(3): 57- 65.
	QI Y L, JIANG R, RONG X, et al. Attack analysis framework of space-integrated-ground information network based on cybersecurity knowledge graph. Space-Integrated-Ground Information Networks, 2021, 2(3): 57- 65.
15	郭军军, 王乐, 王正源, 等. 软件安全漏洞知识图谱构建方法. 计算机工程与设计, 2022, 43(8): 2137- 2145.
	GUO J J, WANG L, WANG Z Y, et al. Construction method of software security vulnerability knowledge map. Computer Engineering and Design, 2022, 43(8): 2137- 2145.
16	IANNACONE M, BOHN S, NAKAMURA G, et al. Developing an ontology for cyber security knowledge graphs[C]//Proceedings of the 10th Annual Cyber and Information Security Research Conference. New York, USA: ACM Press, 2015: 1-4.
17	SYED Z, PADIA A, MATHEWS L M, et al. UCO: a unified cybersecurity ontology[C]//Proceedings of the AAAI Workshop on Artificial Intelligence for Cyber Security. [S. l. ]: AAAI Press, 2016: 1-10.
18	KIESLING E, EKELHART A, KURNIAWAN K, et al. The SEPSES knowledge graph: an integrated resource for cybersecurity[C]//Proceedings of Conference on International Semantic Web. Berlin, Germany: Springer, 2019: 198-214.
19	AGHAEI E, SHADID W, AL-SHAER E. ThreatZoom: hierarchical neural network for CVEs to CWEs classification[C]//Proceedings of International Conference on Security and Privacy in Communication Systems. Berlin, Germany: Springer, 2020: 23-41.
20	AOTA M, BAN T, TAKAHASHI T, et al. Multi-label positive and unlabeled learning and its application to common vulnerabilities and exposure categorization[C]//Proceedings of the 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). Washington D. C., USA: IEEE Press, 2021: 988-996.
21	LAKHDHAR Y, REKHIS S. Machine learning based approach for the automated mapping of discovered vulnerabilities to adversial tactics[C]//Proceedings of Security and Privacy Workshops. Washington D. C., USA: IEEE Press, 2021: 309-317.
22	GUO H, CHEN S, XING Z C, et al. Detecting and augmenting missing key aspects in vulnerability descriptions. ACM Transactions on Software Engineering and Methodology, 2022, 31(3): 1- 27.
23	鲍开放, 顾君忠, 杨静. 基于结构与文本联合表示的知识图谱补全方法. 计算机工程, 2018, 44(7): 205- 211. URL
	BAO K F, GU J Z, YANG J. Knowledge graph completion method based on jointly representation of structure and text. Computer Engineering, 2018, 44(7): 205- 211. URL
24	HAN Z B, LI X H, LIU H T, et al. DeepWeak: reasoning common software weaknesses via knowledge graph embedding[C]//Proceedings of the 25th International Conference on Software Analysis, Evolution and Reengineering. Washington D. C., USA: IEEE Press, 2018: 456-466.
25	XIAO H B, XING Z C, LI X H, et al. Embedding and predicting software security entity relationships: a knowledge graph based approach[C]//Proceedings of Conference on Neural Information Processing Systems. Berlin, Germany: Springer, 2019: 50-63.
26	YUAN L, BAI Y D, XING Z C, et al. Predicting entity relations across different security databases by using graph attention network[C]//Proceedings of the 45th Annual Computers, Software, and Applications Conference. Washington D. C., USA: IEEE Press, 2021: 834-843.
27	MIKOLOV T, CHEN K, CORRADO G, et al. Efficient estimation of word representations in vector space[EB/OL]. [2023-02-23]. http://export.arxiv.org/pdf/1301.3781.
28	REIMERS N, GUREVYCH I. Sentence-BERT: sentence embeddings using Siamese BERT-networks[EB/OL]. [2023-02-23]. https://arxiv.org/abs/1908.10084.
29	NGUYEN D Q, NGUYEN T D, NGUYEN D Q, et al. A novel embedding model for knowledge base completion based on convolutional neural network[EB/OL]. [2023-02-23]. https://arxiv.org/pdf/1712.02121.pdf.
30	BORDES A, USUNIER N, GARCIA-DURAN A, et al. Translating embeddings for modeling multi-relational data[C]//Proceedings of the 26th International Conference on Neural Information Processing Systems. New York, USA: ACM Press, 2013, 2787-2795.
31	WANG Z, ZHANG J W, FENG J L, et al. Knowledge graph embedding by translating on hyperplanes[EB/OL]. [2023-02-23]. https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.486.2800&rep=rep1&type=pdf.

[1]	Zhibao WANG, Shutao JIANG, Fei LI, Juntao GAO, Qiang MA, Bin YANG. Entity Alignment of Petroleum Data Assets Graph Based on Multi-Neighborhood Awareness [J]. Computer Engineering, 2024, 50(1): 339-347.
[2]	Zhangjie RAN, Linfu SUN, Yisheng ZOU, Yulin MA. Few-Shot Knowledge Graph Completion Model Based on Relation Learning Network [J]. Computer Engineering, 2023, 49(9): 52-59.
[3]	Kun MA, Jingmin AN, Guanyu LI. Knowledge Graph Completion with Dynamically Aggregating Context of Entity and Relation [J]. Computer Engineering, 2023, 49(8): 77-84, 95.
[4]	Jiarong ZHANG, Jinsha YUAN, Jianing XU, Zhihong LUO. Mechanics Entities Recognition Algorithm Based on Multi-Meta Information Embedding and Collaborative Neural Network [J]. Computer Engineering, 2023, 49(7): 125-134.
[5]	ZHANG Liqun, PAN Zulie, HUANG Hui, WANG Ruipeng, LI Yang. Research on Automatic Verification Method of Tcache Poisoning Heap Vulnerability Based on Symbolic Execution [J]. Computer Engineering, 2023, 49(6): 24-33.
[6]	RONG Keyao, XIONG Yun. Automatic Code Annotation Generation Based on Multi-dimensional Heterogeneous Graph Structure [J]. Computer Engineering, 2023, 49(4): 240-248.
[7]	LIU Jinshuo, LIU Ning. Automatic Generation of Semi-Structured Texts for Bidding Documents [J]. Computer Engineering, 2023, 49(3): 67-72.
[8]	GU Yunjie, WU Changhe, WU Qing, ZHANG Wei, Lü Tianhang, HU Qi, SONG Xiaobin, YAN Jiyu. Cascade Vulnerability Scanning Engine Deployment Strategy for Delay Optimization [J]. Computer Engineering, 2023, 49(3): 161-167,176.
[9]	CAI Ruichu, ZHANG Shengqiang, XU Boyan. Method for Generating Code Comments Based on Structure-aware Hybrid Encoding Model [J]. Computer Engineering, 2023, 49(2): 61-69.
[10]	Huayu LIU, Shuitao GAN, Xiaokang YIN, Xiaolong LIU, Shengli LIU, Hongliang LI. A Gray-box Test Technology Based on Intelligent Inference of Protocol Format [J]. Computer Engineering, 2023, 49(12): 129-135, 145.
[11]	Peng ZHENG, Letian SHA. Java Deserialization Vulnerability Detection Method Based on Hybrid Analysis [J]. Computer Engineering, 2023, 49(12): 136-145.
[12]	CHEN Heng, WANG Siyi, LI Guanyu, QI Ruihua, YANG Chen, WANG Weimei. Knowledge Graph Completion Model Based on Quaternion Capsule Network [J]. Computer Engineering, 2022, 48(2): 40-46,64.
[13]	ZOU Pinrong, XIAO Feng, ZHANG Wenjuan, ZHANG Wanyu, WANG Chenyang. Multi-Module Co-Attention Model for Visual Question Answering [J]. Computer Engineering, 2022, 48(2): 250-260.
[14]	ZHANG Yi, ZHENG Jing, CAI Gangsheng, WANG Zhenmei. Association Prediction Based on Duplex Polymerize Operation in GAT and Inductive Matrix Completion [J]. Computer Engineering, 2022, 48(12): 72-78.
[15]	SONG Xuhui, YU Hongtao, LI Shaomei. Chinese Named Entity Recognition Based on Word Fusion of Graph Attention Network [J]. Computer Engineering, 2022, 48(10): 298-305.

Please choose a citation manager

Content to export