Uncovering Security Entity Relations with Cyber Threat Knowledge Graph Embedding

Changchang Ma; Xiayu Xiang; Yushun Xie; Wenying Feng; Zhaoquan Gu

doi:10.1007/978-981-97-4522-7_2

Uncovering Security Entity Relations with Cyber Threat Knowledge Graph Embedding

Changchang Ma
, Xiayu Xiang
, Yushun Xie
, Wenying Feng
, Zhaoquan Gu^*

^*Corresponding author for this work

Guangzhou University
Peng Cheng Laboratory
University of Electronic Science and Technology of China
Harbin Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

With the fast development of information technologies, cyberspace security has received attention from many areas. Attackers leverage a diverse range of tactics, such as exploits, weakness discovery, and sophisticated attacks, with the intent to gain unauthorized access to targeted systems, while defenders can detect the potential attacks through heterogeneous sources of threat clues. Public cyber threat databases such as the Common Attack Pattern Enumeration and Classification (CAPEC), Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Platform Enumeration (CPE) provide a rich repository of security-related entities and relations. These databases are pivotal in enhancing the understanding of cyberspace security and conducting comprehensive analysis for defenders. However, these databases have rarely been semantically cross-analyzed, a crucial strategy in pinpointing missing threat patterns. We aggregate data from separate sources into a threat knowledge graph and develop a novel knowledge representation learning method called 4CKGE (CAPEC-CWE-CVE-CPE Knowledge Graph Embedding).We extract and utilize more in-depth structural and textual information to be able to predict correlations between security entities such as products, vulnerabilities, weaknesses and attack patterns.Through extensive experiments, our proposed approach outperforms existing state-of-theart methods for effectively predicting the relations between security entities. The experimental results validate the effectiveness of our cyber threat knowledge graph in discovering concealed relations, highlighting its potential to fortify cybersecurity countermeasures.

Original language	English
Title of host publication	Network Simulation and Evaluation - 2nd International Conference, NSE 2023, Proceedings
Editors	Zhaoquan Gu, Wanlei Zhou, Jiawei Zhang, Guandong Xu, Yan Jia
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	20-35
Number of pages	16
ISBN (Print)	9789819745210
DOIs	https://doi.org/10.1007/978-981-97-4522-7_2
State	Published - 2024
Externally published	Yes
Event	2nd International Conference on Network Simulation and Evaluation, NSE 2023 - Shenzhen, China Duration: 22 Nov 2023 → 24 Nov 2023

Publication series

Name	Communications in Computer and Information Science
Volume	2064 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	2nd International Conference on Network Simulation and Evaluation, NSE 2023
Country/Territory	China
City	Shenzhen
Period	22/11/23 → 24/11/23

Keywords

Knowledge graph embedding
Link prediction
Security database
Threat knowledge graph

Access to Document

10.1007/978-981-97-4522-7_2

Cite this

Ma, C., Xiang, X., Xie, Y., Feng, W., & Gu, Z. (2024). Uncovering Security Entity Relations with Cyber Threat Knowledge Graph Embedding. In Z. Gu, W. Zhou, J. Zhang, G. Xu, & Y. Jia (Eds.), Network Simulation and Evaluation - 2nd International Conference, NSE 2023, Proceedings (pp. 20-35). (Communications in Computer and Information Science; Vol. 2064 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-97-4522-7_2

Ma, Changchang ; Xiang, Xiayu ; Xie, Yushun et al. / Uncovering Security Entity Relations with Cyber Threat Knowledge Graph Embedding. Network Simulation and Evaluation - 2nd International Conference, NSE 2023, Proceedings. editor / Zhaoquan Gu ; Wanlei Zhou ; Jiawei Zhang ; Guandong Xu ; Yan Jia. Springer Science and Business Media Deutschland GmbH, 2024. pp. 20-35 (Communications in Computer and Information Science).

@inproceedings{dd6cc88f759448359d512aeaca539c2d,

title = "Uncovering Security Entity Relations with Cyber Threat Knowledge Graph Embedding",

abstract = "With the fast development of information technologies, cyberspace security has received attention from many areas. Attackers leverage a diverse range of tactics, such as exploits, weakness discovery, and sophisticated attacks, with the intent to gain unauthorized access to targeted systems, while defenders can detect the potential attacks through heterogeneous sources of threat clues. Public cyber threat databases such as the Common Attack Pattern Enumeration and Classification (CAPEC), Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Platform Enumeration (CPE) provide a rich repository of security-related entities and relations. These databases are pivotal in enhancing the understanding of cyberspace security and conducting comprehensive analysis for defenders. However, these databases have rarely been semantically cross-analyzed, a crucial strategy in pinpointing missing threat patterns. We aggregate data from separate sources into a threat knowledge graph and develop a novel knowledge representation learning method called 4CKGE (CAPEC-CWE-CVE-CPE Knowledge Graph Embedding).We extract and utilize more in-depth structural and textual information to be able to predict correlations between security entities such as products, vulnerabilities, weaknesses and attack patterns.Through extensive experiments, our proposed approach outperforms existing state-of-theart methods for effectively predicting the relations between security entities. The experimental results validate the effectiveness of our cyber threat knowledge graph in discovering concealed relations, highlighting its potential to fortify cybersecurity countermeasures.",

keywords = "Knowledge graph embedding, Link prediction, Security database, Threat knowledge graph",

author = "Changchang Ma and Xiayu Xiang and Yushun Xie and Wenying Feng and Zhaoquan Gu",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.; 2nd International Conference on Network Simulation and Evaluation, NSE 2023 ; Conference date: 22-11-2023 Through 24-11-2023",

year = "2024",

doi = "10.1007/978-981-97-4522-7\_2",

language = "英语",

isbn = "9789819745210",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "20--35",

editor = "Zhaoquan Gu and Wanlei Zhou and Jiawei Zhang and Guandong Xu and Yan Jia",

booktitle = "Network Simulation and Evaluation - 2nd International Conference, NSE 2023, Proceedings",

address = "德国",

}

Ma, C, Xiang, X, Xie, Y, Feng, W & Gu, Z 2024, Uncovering Security Entity Relations with Cyber Threat Knowledge Graph Embedding. in Z Gu, W Zhou, J Zhang, G Xu & Y Jia (eds), Network Simulation and Evaluation - 2nd International Conference, NSE 2023, Proceedings. Communications in Computer and Information Science, vol. 2064 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 20-35, 2nd International Conference on Network Simulation and Evaluation, NSE 2023, Shenzhen, China, 22/11/23. https://doi.org/10.1007/978-981-97-4522-7_2

Uncovering Security Entity Relations with Cyber Threat Knowledge Graph Embedding. / Ma, Changchang; Xiang, Xiayu; Xie, Yushun et al.
Network Simulation and Evaluation - 2nd International Conference, NSE 2023, Proceedings. ed. / Zhaoquan Gu; Wanlei Zhou; Jiawei Zhang; Guandong Xu; Yan Jia. Springer Science and Business Media Deutschland GmbH, 2024. p. 20-35 (Communications in Computer and Information Science; Vol. 2064 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Uncovering Security Entity Relations with Cyber Threat Knowledge Graph Embedding

AU - Ma, Changchang

AU - Xiang, Xiayu

AU - Xie, Yushun

AU - Feng, Wenying

AU - Gu, Zhaoquan

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.

PY - 2024

Y1 - 2024

N2 - With the fast development of information technologies, cyberspace security has received attention from many areas. Attackers leverage a diverse range of tactics, such as exploits, weakness discovery, and sophisticated attacks, with the intent to gain unauthorized access to targeted systems, while defenders can detect the potential attacks through heterogeneous sources of threat clues. Public cyber threat databases such as the Common Attack Pattern Enumeration and Classification (CAPEC), Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Platform Enumeration (CPE) provide a rich repository of security-related entities and relations. These databases are pivotal in enhancing the understanding of cyberspace security and conducting comprehensive analysis for defenders. However, these databases have rarely been semantically cross-analyzed, a crucial strategy in pinpointing missing threat patterns. We aggregate data from separate sources into a threat knowledge graph and develop a novel knowledge representation learning method called 4CKGE (CAPEC-CWE-CVE-CPE Knowledge Graph Embedding).We extract and utilize more in-depth structural and textual information to be able to predict correlations between security entities such as products, vulnerabilities, weaknesses and attack patterns.Through extensive experiments, our proposed approach outperforms existing state-of-theart methods for effectively predicting the relations between security entities. The experimental results validate the effectiveness of our cyber threat knowledge graph in discovering concealed relations, highlighting its potential to fortify cybersecurity countermeasures.

AB - With the fast development of information technologies, cyberspace security has received attention from many areas. Attackers leverage a diverse range of tactics, such as exploits, weakness discovery, and sophisticated attacks, with the intent to gain unauthorized access to targeted systems, while defenders can detect the potential attacks through heterogeneous sources of threat clues. Public cyber threat databases such as the Common Attack Pattern Enumeration and Classification (CAPEC), Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Platform Enumeration (CPE) provide a rich repository of security-related entities and relations. These databases are pivotal in enhancing the understanding of cyberspace security and conducting comprehensive analysis for defenders. However, these databases have rarely been semantically cross-analyzed, a crucial strategy in pinpointing missing threat patterns. We aggregate data from separate sources into a threat knowledge graph and develop a novel knowledge representation learning method called 4CKGE (CAPEC-CWE-CVE-CPE Knowledge Graph Embedding).We extract and utilize more in-depth structural and textual information to be able to predict correlations between security entities such as products, vulnerabilities, weaknesses and attack patterns.Through extensive experiments, our proposed approach outperforms existing state-of-theart methods for effectively predicting the relations between security entities. The experimental results validate the effectiveness of our cyber threat knowledge graph in discovering concealed relations, highlighting its potential to fortify cybersecurity countermeasures.

KW - Knowledge graph embedding

KW - Link prediction

KW - Security database

KW - Threat knowledge graph

UR - https://www.scopus.com/pages/publications/85201196577

U2 - 10.1007/978-981-97-4522-7_2

DO - 10.1007/978-981-97-4522-7_2

M3 - 会议稿件

AN - SCOPUS:85201196577

SN - 9789819745210

T3 - Communications in Computer and Information Science

SP - 20

EP - 35

BT - Network Simulation and Evaluation - 2nd International Conference, NSE 2023, Proceedings

A2 - Gu, Zhaoquan

A2 - Zhou, Wanlei

A2 - Zhang, Jiawei

A2 - Xu, Guandong

A2 - Jia, Yan

PB - Springer Science and Business Media Deutschland GmbH

T2 - 2nd International Conference on Network Simulation and Evaluation, NSE 2023

Y2 - 22 November 2023 through 24 November 2023

ER -

Ma C, Xiang X, Xie Y, Feng W, Gu Z. Uncovering Security Entity Relations with Cyber Threat Knowledge Graph Embedding. In Gu Z, Zhou W, Zhang J, Xu G, Jia Y, editors, Network Simulation and Evaluation - 2nd International Conference, NSE 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2024. p. 20-35. (Communications in Computer and Information Science). doi: 10.1007/978-981-97-4522-7_2

Uncovering Security Entity Relations with Cyber Threat Knowledge Graph Embedding

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this