ICC-VulKG-TAER: Industrial Control Component Vulnerability Knowledge Graph-Based Target Attack Entity Reasoning

Vulnerabilities in industrial control components (ICCs) can be exploited to launch attacks, potentially disrupting the operation of industrial control systems. Ensuring the security of such systems requires establishing explicit associations between vulnerabilities in ICCs and the attacks. The ICC vulnerability knowledge graph integrates multi-source data and facilitates these associations by reasoning models. However, the context of vulnerability entities in ICCs contains complex component semantics and structural features, which makes it challenging to capture accurate representations and limits the performance of existing reasoning models. To address these challenges, we propose a target attack entity reasoning method based on the ICC vulnerability knowledge graph, called ICC-VulKG-TAER. The core of this method is a link prediction algorithm that combines both local and global representations, leveraging features of entity texts, relational neighborhoods, and relation paths. Experimental results show that ICC-VulKG-TAER outperforms existing methods, achieving 80.87% Hits@1 and 87.13% MRR, with improvements of 4.75% and 6.83%, respectively. These results demonstrate the effectiveness of the proposed approach in enhancing the performance of vulnerability–attack association in ICCs.