Chang-Yong Ri,Min Yao

DOI: https://doi.org/10.1007/s11042-014-1858-9

IF: 2.577

2014-01-01

Multimedia Tools and Applications

Abstract:Semantic image classification is a hot issue of image mining. Information of spatial relations between objects in an image is one of the important semantic information of an image. However, the previous researches have not made full use of the spatial relations for image modeling and classification. In addition, to classify the images with Bayesian network, the accuracy of conditional probability estimation may be insufficient, because the learning methods of spatial contextual models have usually used a limited number of training samples. In this work, the semantic image modeling based on attributed relational graph has been proposed, in which the distance measure method between images was presented, therefore the object information and spatial relational information could be fully utilized. Then, the semantic distance between images based on attributed relational graph could be calculated for the support vector machine to obtain the joint conditional probability distribution of Bayesian network. Therefore the probabilistic estimation problem under the sparse training samples could be solved, and the accuracy of semantic image classification with Bayesian network was improved. Experimental results show the validity and reliability of this proposed method.

Ezekia Gilliard,Jinshuo Liu,Ahmed Abubakar Aliyu

DOI: https://doi.org/10.1049/cmu2.12736

IF: 1.345

2024-02-28

IET Communications

Abstract:In our interconnected world, cyber threats continuously evolve, presenting unprecedented challenges to cybersecurity. Conventional methods such as anomaly‐based and feature‐based approaches are encountering limitations and proving inadequate. The utilization of knowledge graph reasoning, leveraging graph structures, emerges as a promising paradigm shift in the landscape of cyberattack detection. This scholarly work delves into contemporary cybersecurity research, examining the potential of knowledge graph reasoning and proposing an innovative methodology with three principal objectives: optimizing data preparation for knowledge graph embedding models, establishing semantic foundations for network analysis via the system state graph ontology, and elevating network attack recognition through knowledge graph inference techniques. The study conducts experiments, comparing the proposed approach against existing methodologies, and demonstrates its efficacy in addressing the challenges associated with the escalating volume of network data. This approach signifies a promising trajectory towards automating network attack recognition and fortifying network security by seamlessly integrating knowledge graphs. In today's digital landscape, cybercriminals are constantly evolving their tactics, making it challenging for traditional cybersecurity methods to keep up. To address this issue, this study explores the potential of knowledge graph reasoning as a more adaptable and sophisticated approach to identify and counter network attacks. By leveraging graph structures imbued with human‐like thinking, this method enhances the resilience of cybersecurity systems. The study focuses on three critical aspects: data preparation, semantic foundations, and knowledge graph inference techniques. Through an in‐depth analysis of these components, the research aims to reveal how knowledge graph reasoning can improve cyberattack detection and enhance the overall efficacy of cybersecurity measures, including intrusion detection systems. The proposed approach has undergone extensive experimentation to validate its effectiveness compared to existing methods. The results of the experiment have shown a remarkable advancement in accuracy, speed, and recall for recognition, surpassing current methods. This achievement is a notable contribution in the realm of managing big data in cybersecurity. The study establishes a foundation for the automation of network attack detection, ultimately enhancing overall network security.

engineering, electrical & electronic

TA DUY CONG CHIEN

DOI: https://doi.org/10.46242/jstiuh.v52i05.4110

2022-02-22

Abstract:Semantic relations have been applied to many applications in recent years, especially on Sematic Web, Information Retrieval, Information Extraction, and Question and Answer. Purpose of semantic relations is to get rid of conceptual and terminological confusion. It accomplishes this by specifying a set of generic concepts that characterizes the domain as well as their definitions and interrelationships. This paper describes how to detect semantic relations, including synonym, hyponym and hypernym relations based on WordNet and entities of Knowledge Graph. This Knowledge graph is built from two main resources: Wikipedia and unstructured files from ACM Digital Library. We used Natural Language Processing (NLP) and Deep Learning for processing data before putting into Knowledge Graph. We choose 5 of 245 categories in the ACM Digital Library to evaluate our results. Results generated show that our system yields superior performance.

Chao Wang,Huajun Chen,Peiqin Gu,Tong Yu

DOI: https://doi.org/10.1109/emeit.2011.6023182

2011-01-01

Abstract:The kernel concept of semantic web is that the data on the web can be abstracted as different graphs with nodes and links distributed among a multitude of web agents. In this environment, latent relationship discovery can be reduced into Semantic Graph Routing, which aims at searching possible paths under reasonable hypotheses within a set of autonomously-maintained and interlinked semantic graphs. Based on our previous work on semantic association discovery, here we establish a useful real life environment where it is proved that our multi-agent approach can be effectively applied. The experimental simulation results show that semantic-aware mechanisms provide notable path searching capability.

Muhammad Akram Shaikh,Jiaxin Wang,Zehong Yang,Yixu Song

DOI: https://doi.org/10.1007/978-3-540-73871-8_54

2007-01-01

Abstract:Law enforcement agencies and intelligence analysts frequently face the problems of identifying the actor importance and possible roles among a specific group of entities in a terrorist network. However, such tasks can be fairly time consuming and labor-intensive without the help of some efficient methods. In this paper we will discuss how graph structural mining is applied in the context of terrorist networks using structural measures or properties from social network analysis (SNA) research. Structural properties are determined by the graph structure of the network. These properties are used to evaluate the relationship between entities and identifying different roles. The graph structural mining concept is also demonstrated by using publicly available data on terrorists network in two ways i.e., one for identifying different roles (leaders, brokers, and outliers) known as role structural mining and other for ranking important actors known as rank structural mining. In addition to this we also illustrate how terrorist network is disrupt by knowing the actor importance in a network using rank structural mining.

Hamed Eramian,G. Levchuk,G. Zheng,Mohammed Eslami

DOI: https://doi.org/10.1109/BigData.2017.8258527

2017-12-01

Abstract:Data from cyber logs can often be represented as a bipartite graph (e.g. internal IP-external IP, user-application, or client-server). State-of-the-art graph based anomaly detection often generalizes across all types of graphs — namely bipartite and non-bipartite. This confounds the interpretation and use of specific graph features such as degree, page rank, and eigencentrality that can provide a security analyst with rapid situational awareness of their network. Furthermore, graph algorithms applied to data collected from large, distributed enterprise scale networks require accompanying methods that allow them to scale to the data collected. In this paper, we provide a novel, scalable, directional graph projection framework that operates on cyber logs that can be represented as bipartite graphs. This framework computes directional graph projections and identifies a set of interpretable graph features that describe anomalies within each partite.

Computer Science

Aditya Pingle,Aritran Piplai,Sudip Mittal,Anupam Joshi,James Holt,Richard Zak

DOI: https://doi.org/10.48550/arXiv.1905.02497

2019-05-07

Computation and Language

Abstract:Security Analysts that work in a `Security Operations Center' (SoC) play a major role in ensuring the security of the organization. The amount of background knowledge they have about the evolving and new attacks makes a significant difference in their ability to detect attacks. Open source threat intelligence sources, like text descriptions about cyber-attacks, can be stored in a structured fashion in a cybersecurity knowledge graph. A cybersecurity knowledge graph can be paramount in aiding a security analyst to detect cyber threats because it stores a vast range of cyber threat information in the form of semantic triples which can be queried. A semantic triple contains two cybersecurity entities with a relationship between them. In this work, we propose a system to create semantic triples over cybersecurity text, using deep learning approaches to extract possible relationships. We use the set of semantic triples generated through our system to assert in a cybersecurity knowledge graph. Security Analysts can retrieve this data from the knowledge graph, and use this information to form a decision about a cyber-attack.

Elijah Pelofske,Lorie M. Liebrock,Vincent Urias

2024-10-08

Abstract:Open source intelligence is a powerful tool for cybersecurity analysts to gather information both for analysis of discovered vulnerabilities and for detecting novel cybersecurity threats and exploits. However the scale of information that is relevant for information security on the internet is always increasing, and is intractable for analysts to parse comprehensively. Therefore methods of condensing the available open source intelligence, and automatically developing connections between disparate sources of information, is incredibly valuable. In this research, we present a system which constructs a Neo4j graph database formed by shared connections between open source intelligence text including blogs, cybersecurity bulletins, news sites, antivirus scans, social media posts (e.g., Reddit and Twitter), and threat reports. These connections are comprised of possible indicators of compromise (e.g., IP addresses, domains, hashes, email addresses, phone numbers), information on known exploits and techniques (e.g., CVEs and MITRE ATT&CK Technique ID's), and potential sources of information on cybersecurity exploits such as twitter usernames. The construction of the database of potential IoCs is detailed, including the addition of machine learning and metadata which can be used for filtering of the data for a specific domain (for example a specific natural language) when needed. Examples of utilizing the graph database for querying connections between known malicious IoCs and open source intelligence documents, including threat reports, are shown. We show three specific examples of interesting connections found in the graph database; the connections to a known exploited CVE, a known malicious IP address, and a malware hash signature.

Cryptography and Security

Andy Zhou,Xiaojun Xu,Ramesh Raghunathan,Alok Lal,Xinze Guan,Bin Yu,Bo Li

2024-10-11

Abstract:Graph-based anomaly detection is pivotal in diverse security applications, such as fraud detection in transaction networks and intrusion detection for network traffic. Standard approaches, including Graph Neural Networks (GNNs), often struggle to generalize across shifting data distributions. Meanwhile, real-world domain knowledge is more stable and a common existing component of real-world detection strategies. To explicitly integrate such knowledge into data-driven models such as GCNs, we propose KnowGraph, which integrates domain knowledge with data-driven learning for enhanced graph-based anomaly detection. KnowGraph comprises two principal components: (1) a statistical learning component that utilizes a main model for the overarching detection task, augmented by multiple specialized knowledge models that predict domain-specific semantic entities; (2) a reasoning component that employs probabilistic graphical models to execute logical inferences based on model outputs, encoding domain knowledge through weighted first-order logic formulas. Extensive experiments on these large-scale real-world datasets show that KnowGraph consistently outperforms state-of-the-art baselines in both transductive and inductive settings, achieving substantial gains in average precision when generalizing to completely unseen test graphs. Further ablation studies demonstrate the effectiveness of the proposed reasoning component in improving detection performance, especially under extreme class imbalance. These results highlight the potential of integrating domain knowledge into data-driven models for high-stakes, graph-based security applications.

Cryptography and Security,Artificial Intelligence,Machine Learning

Kaustav Basu,Chenyang Zhou,Arunabha Sen,Victoria Horan Goliber

DOI: https://doi.org/10.48550/arXiv.1902.02836

2019-02-08

Abstract:Terrorist attacks all across the world have become a major source of concern for almost all national governments. The United States Department of State's Bureau of Counter-Terrorism, maintains a list of 66 terrorist organizations spanning the entire world. Actively monitoring a large number of organizations and their members, require considerable amounts of resources on the part of law enforcement agencies. Oftentimes, the law enforcement agencies do not have adequate resources to monitor these organizations and their members effectively. On multiple incidences of terrorist attacks in recent times across Europe, it has been observed that the perpetrators of the attack were in the suspect databases of the law enforcement authorities, but weren't under active surveillance at the time of the attack, due to resource limitations on the part of the authorities. As the suspect databases in various countries are very large, and it takes significant amount of technical and human resources to monitor a suspect in the database, monitoring all the suspects in the database may be an impossible task. In this paper, we propose a novel terror network monitoring approach that will significantly reduce the resource requirement of law enforcement authorities, but still provide the capability of uniquely identifying a suspect in case the suspect becomes active in planning a terrorist attack. The approach relies on the assumption that, when an individual becomes active in planning a terrorist attack, his/her friends/associates will have some inkling of the individuals plan. Accordingly, even if the individual is not under active surveillance by the authorities, but the individual's friends/associates are, then the individual planning the attack can be uniquely identified. We apply our techniques on various real-world terror network datasets and show the effectiveness of our approach.

Social and Information Networks,Physics and Society

Chi Wang,Jiawei Han,Qi Li,Xiang Li,Wen-Pin Lin,Heng Ji

DOI: https://doi.org/10.1137/1.9781611972825.45

2012-01-01

Abstract:Objects linking with many other objects in an information network may imply various semantic relationships. Uncovering such knowledge is essential for role discovery, data cleaning, and better organization of information networks, especially when the semantically meaningful relationships are hidden or mingled with noisy links and attributes. In this paper we study a generic form of relationship along which objects can form a treelike structure, a pervasive structure in various domains. We formalize the problem of uncovering hierarchical relationships in a supervised setting. In general, local features of object attributes, their interaction patterns, as well as rules and constraints for knowledge propagation can be used to infer such relationships. Existing approaches, designed for specific applications, either cannot handle dependency rules together with local features, or cannot leverage labeled data to differentiate their importance. In this study, we propose a discriminative undirected graphical model. It integrates a wide range of features and rules by defining potential functions with simple forms. These functions are also summarized and categorized. Our experiments on three quite different domains demonstrate how to apply the method to encode domain knowledge. The efficacy is measured with both traditional and our newly designed metrics in the evaluation of discovered tree structures.

Computer Science

Tuomas Takko,Kunal Bhattacharya,Martti Lehto,Pertti Jalasvirta,Aapo Cederberg,Kimmo Kaski

DOI: https://doi.org/10.48550/arXiv.2109.03848

2022-08-02

Abstract:Information on cyber-related crimes, incidents, and conflicts is abundantly available in numerous open online sources. However, processing the large volumes and streams of data is a challenging task for the analysts and experts, and entails the need for newer methods and techniques. In this article we present and implement a novel knowledge graph and knowledge mining framework for extracting the relevant information from free-form text about incidents in the cyberdomain. The framework includes a machine learning based pipeline for generating graphs of organizations, countries, industries, products and attackers with a non-technical cyber-ontology. The extracted knowledge graph is utilized to estimate the incidence of cyberattacks on a given graph configuration. We use publicly available collections of real cyber-incident reports to test the efficacy of our methods. The knowledge extraction is found to be sufficiently accurate, and the graph-based threat estimation demonstrates a level of correlation with the actual records of attacks. In practical use, an analyst utilizing the presented framework can infer additional information from the current cyber-landscape in terms of risk to various entities and propagation of the risk heuristic between industries and countries.

Cryptography and Security,Computation and Language,Information Retrieval,Machine Learning

Jasmin Wachter

2023-11-17

Abstract:Graph models are helpful means of analyzing computer networks as well as complex system architectures for security. In this paper we evaluate the current state of research for representing and analysing cyber-attack using graph models, i.e. attack graph (AG) formalisms. We propose a taxonomy on attack graph formalisms, based on 70 models, which we analysed with respect to their \textit{graph semantic}, involved agents and analysis features. Additionally, we adress which formalisms allow for automatic attack graph generation from raw or processes data inputs. Our taxonomy is especially designed to help users and applied researchers identify a suitable AG model for their needs. A summary of the individual AG formalisms is provided as supplementary material.

Cryptography and Security

Hongbo Xiao,Zhenchang Xing,Xiaohong Li,Hao Guo

DOI: https://doi.org/10.1007/978-3-030-36718-3_5

2019-01-01

Abstract:Software security knowledge involves heterogeneous security concepts (e.g., software weaknesses and attack patterns) and security instances (e.g., the vulnerabilities of a particular software product), which can be regarded as software security entities. Among software security entities, there are many within-type relationships as well as many across-type relationships. Predicting software security entity relationships helps to enrich software security knowledge (e.g., finding missing relationships among existing entities). Unfortunately, software security entities are currently documented in separate databases, such as Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE) and Common Attack Pattern Enumeration and Classification (CAPEC). This hyper-document representation cannot support effective reasoning of software entity relationships. In this paper, we propose to consolidate heterogeneous software security concepts and instances from separate databases into a coherent knowledge graph. We develop a knowledge graph embedding method which embeds the symbolic relational and descriptive information of software security entities into a continuous vector space. The resulting entity and relationship embeddings are predictive for software security entity relationships. Based on the Open World Assumption, we conduct extensive experiments to evaluate the effectiveness of our knowledge graph based approach for predicting various within-type and across-type relationships of software security entities.

Yan Wang,Xiaowei Hou,Xiu Ma,Qiujian Lv

DOI: https://doi.org/10.1007/978-3-031-19214-2_42

2022-01-01

Abstract:Recently, the need for complex cyber attack knowledge is increasing with the rising risk of software vulnerabilities and weaknesses on the internet. To spread knowledge and strengthen software security defense, researchers record software vulnerabilities, weaknesses, and attack patterns through software databases, including CVE, CWE, and CAPEC, etc. However, software security databases are time delayed and thus miss unobserved facts. Attackers can take advantage of this problem to execute an attack successfully. Therefore, the reasoning task of predicting software security entity relation is critical to supplementing software security data. This paper constructs a software security knowledge graph and proposes a knowledge graph representation learning method combining Sentence-Bert and GAT. The way can implement link prediction and classification tasks for knowledge graph completion. We finally designed a large number of experiments to evaluate the effectiveness of our model in knowledge graph completion and knowledge graph classification. The experimental results demonstrate that the proposed method can effectively improve the effectiveness of prediction.

Kenneth David Strang,Zhaohao Sun

DOI: https://doi.org/10.1080/08874417.2016.1181497

2016-07-21

Journal of Computer Information Systems

Abstract:We used big data software Hadoop in Google News to collect complex high-velocity, high-volume terrorism information. We used big text search to code the factors of interest into nominal fields. We integrated new fields and records into an existing database drawn from other researchers. Our testable hypothesis was that there was a significant relationship between terrorist group ideology and terrorist attack type. Then we used correspondence analysis in SPSS to test our hypothesis. Our hypothesis was supported, so we developed a symmetric model to visualize the hidden relationships between terrorist ideology and attack type. Our purpose was to demonstrate how statistical software methods may be applied in big data analytics. These methods will generalize to other researchers and practitioners. The finding of a significant relationship between terrorist ideology and attack type may generalize to supply chain operations and national security planning.

computer science, information systems

Hegler C. Tissot

DOI: https://doi.org/10.1007/978-3-030-75018-3_6

2021-01-01

Abstract:Knowledge graph representation is an important embedding technology that supports a variety of machine learning related applications. By learning the distributed representation of multi-relational data, knowledge embedding models are supposed to efficiently deal with the semantic relatedness of their constituents. However, failing in the fundamental task of creating an appropriate form to represent knowledge harms any attempt of designing subsequent machine learning tasks. Several knowledge embedding methods have been proposed in the last decade. Although there is a consensus on the idea that enhanced approaches are more efficient, more complex projections in the hyperspace that indeed favor link prediction (or knowledge graph completion) can result in a loss of semantic similarity. We propose a new evaluation task that aims at performing risk assessment on domain-specific categorized multi-relational datasets, designed as a classification problem based on the resulting embeddings. We assess the quality of embedding representations based on the synergy of the resulting clusters of target subjects. We show that more sophisticated embedding approaches do not necessarily favor embedding quality, and the traditional link prediction validation protocol is a weak metric to measure the quality of embedding representation. Finally, we present insights about using the synergy analysis to provide risk assessment explainability based on the probability distribution of feature-value pairs within embedded clusters.

Anthony Palladino,Christopher J. Thissen

DOI: https://doi.org/10.48550/arXiv.1812.02848

2018-12-06

Cryptography and Security

Abstract:Intrusion detection systems (IDSs) generate valuable knowledge about network security, but an abundance of false alarms and a lack of methods to capture the interdependence among alerts hampers their utility for network defense. Here, we explore a graph-based approach for fusing alerts generated by multiple IDSs (e.g., Snort, OSSEC, and Bro). Our approach generates a weighted graph of alert fields (not network topology) that makes explicit the connections between multiple alerts, IDS systems, and other cyber artifacts. We use this multi-modal graph to identify anomalous changes in the alert patterns of a network. To detect the anomalies, we apply the role-dynamics approach, which has successfully identified anomalies in social media, email, and IP communication graphs. In the cyber domain, each node (alert field) in the fused IDS alert graph is assigned a probability distribution across a small set of roles based on that node's features. A cyber attack should trigger IDS alerts and cause changes in the node features, but rather than track every feature for every alert-field node individually, roles provide a succinct, integrated summary of those feature changes. We measure changes in each node's probabilistic role assignment over time, and identify anomalies as deviations from expected roles. We test our approach using simulations including three weeks of normal background traffic, as well as cyber attacks that occur near the end of the simulations. This paper presents a novel approach to multi-modal data fusion and a novel application of role dynamics within the cyber-security domain. Our results show a drastic decrease in the false-positive rate when considering our anomaly indicator instead of the IDS alerts themselves, thereby reducing alarm fatigue and providing a promising avenue for threat intelligence in network defense.

Qiu Mingyue,Zhang Xueying

DOI: https://doi.org/10.3103/S0146411623060056

2023-01-01

Automatic Control and Computer Sciences

Abstract:With the continuous improvement of the informatization level of the police, how to make accurate intelligence analysis based on the modeling of massive multimodal data has always been a real intricate problem during the applications of public security big data. Knowledge graph technique can fuse and marge multimodal data in public security business to different intelligence entity elements including person, thing, material, time, and position and reconstruct the deep relations among data in the digital space, which can provide computable and minable data resources with logical hierarchy for intelligence analysis. This study started from the case text data in public security domain, attempted ontology modeling for knowledge mapping in public security domain and explored the establishment mode and application direction of knowledge graphs in public security domain.

Song Wang,Yushun Dong,Binchi Zhang,Zihan Chen,Xingbo Fu,Yinhan He,Cong Shen,Chuxu Zhang,Nitesh V. Chawla,Jundong Li

2024-05-18

Abstract:Graph Machine Learning (Graph ML) has witnessed substantial advancements in recent years. With their remarkable ability to process graph-structured data, Graph ML techniques have been extensively utilized across diverse applications, including critical domains like finance, healthcare, and transportation. Despite their societal benefits, recent research highlights significant safety concerns associated with the widespread use of Graph ML models. Lacking safety-focused designs, these models can produce unreliable predictions, demonstrate poor generalizability, and compromise data confidentiality. In high-stakes scenarios such as financial fraud detection, these vulnerabilities could jeopardize both individuals and society at large. Therefore, it is imperative to prioritize the development of safety-oriented Graph ML models to mitigate these risks and enhance public confidence in their applications. In this survey paper, we explore three critical aspects vital for enhancing safety in Graph ML: reliability, generalizability, and confidentiality. We categorize and analyze threats to each aspect under three headings: model threats, data threats, and attack threats. This novel taxonomy guides our review of effective strategies to protect against these threats. Our systematic review lays a groundwork for future research aimed at developing practical, safety-centered Graph ML models. Furthermore, we highlight the significance of safe Graph ML practices and suggest promising avenues for further investigation in this crucial area.

Machine Learning