Kai Liu,Fei Wang,Zhaoyun Ding,Sheng Liang,Zhengfei Yu,Yun Zhou

DOI: https://doi.org/10.3390/electronics11152287

IF: 2.9

2022-07-23

Electronics

Abstract:In today's dynamic complex cyber environments, Cyber Threat Intelligence (CTI) and the risk of cyberattacks are both increasing. This means that organizations need to have a strong understanding of both their internal CTI and their external CTI. The potential for cybersecurity knowledge graphs is evident in their ability to aggregate and represent knowledge about cyber threats, as well as their ability to manage and reason with that knowledge. While most existing research has focused on how to create a full knowledge graph, how to utilize the knowledge graph to tackle real-world industrial difficulties in cyberattack and defense situations is still unclear. In this article, we give a quick overview of the cybersecurity knowledge graph's core concepts, schema, and building methodologies. We also give a relevant dataset review and open-source frameworks on the information extraction and knowledge creation job to aid future studies on cybersecurity knowledge graphs. We perform a comparative assessment of the many works that expound on the recent advances in the application scenarios of cybersecurity knowledge graph in the majority of this paper. In addition, a new comprehensive classification system is developed to define the linked works from 9 core categories and 18 subcategories. Finally, based on the analyses of existing research issues, we have a detailed overview of various possible research directions.

engineering, electrical & electronic,computer science, information systems,physics, applied

Guowei Shen,Wanling Wang,Qilin Mu,Yanhong Pu,Ya Qin,Miao Yu

DOI: https://doi.org/10.1155/2020/8883696

2020-12-26

Wireless Communications and Mobile Computing

Abstract:Industrial control systems (ICS) involve many key industries, which once attacked will cause heavy losses. However, traditional passive defense methods of cybersecurity have difficulty effectively dealing with increasingly complex threats; a knowledge graph is a new idea to analyze and process data in cybersecurity analysis. We propose a novel overall framework of data-driven industrial control network security defense, which integrated fragmented multisource threat data with an industrial network layout by a cybersecurity knowledge graph. In order to better correlate data to construct a knowledge graph, we propose a distant supervised relation extraction model ResPCNN-ATT; it is based on a deep residual convolutional neural network and attention mechanism, reduces the influence of noisy data in distant supervision, and better extracts deep semantic features in sentences by using deep residuals. We empirically demonstrate the performance of the proposed method in the field of general cybersecurity by using dataset CSER; the model proposed in this paper achieves higher accuracy than other models. And then, the dataset ICSER was used to construct a cybersecurity knowledge graph (CSKG) on the basis of analyzing specific industrial control scenarios, visualizing the knowledge graph for further security analysis to the industrial control system.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yagmur Yigit,Mohamed Amine Ferrag,Iqbal H. Sarker,Leandros A. Maglaras,Christos Chrysoulas,Naghmeh Moradpoor,Helge Janicke

2024-05-08

Abstract:Critical National Infrastructure (CNI) encompasses a nation's essential assets that are fundamental to the operation of society and the economy, ensuring the provision of vital utilities such as energy, water, transportation, and communication. Nevertheless, growing cybersecurity threats targeting these infrastructures can potentially interfere with operations and seriously risk national security and public safety. In this paper, we examine the intricate issues raised by cybersecurity risks to vital infrastructure, highlighting these systems' vulnerability to different types of cyberattacks. We analyse the significance of trust, privacy, and resilience for Critical Infrastructure Protection (CIP), examining the diverse standards and regulations to manage these domains. We also scrutinise the co-analysis of safety and security, offering innovative approaches for their integration and emphasising the interdependence between these fields. Furthermore, we introduce a comprehensive method for CIP leveraging Generative AI and Large Language Models (LLMs), giving a tailored lifecycle and discussing specific applications across different critical infrastructure sectors. Lastly, we discuss potential future directions that promise to enhance the security and resilience of critical infrastructures. This paper proposes innovative strategies for CIP from evolving attacks and enhances comprehension of cybersecurity concerns related to critical infrastructure.

Cryptography and Security

Zhulin Han,Jian Wang

DOI: https://doi.org/10.1007/s42524-023-0273-1

2024-02-09

Frontiers of Engineering Management

Abstract:With the escalating complexity in production scenarios, vast amounts of production information are retained within enterprises in the industrial domain. Probing questions of how to meticulously excavate value from complex document information and establish coherent information links arise. In this work, we present a framework for knowledge graph construction in the industrial domain, predicated on knowledge-enhanced document-level entity and relation extraction. This approach alleviates the shortage of annotated data in the industrial domain and models the interplay of industrial documents. To augment the accuracy of named entity recognition, domain-specific knowledge is incorporated into the initialization of the word embedding matrix within the bidirectional long short-term memory conditional random field (BiLSTM-CRF) framework. For relation extraction, this paper introduces the knowledge-enhanced graph inference (KEGI) network, a pioneering method designed for long paragraphs in the industrial domain. This method discerns intricate interactions among entities by constructing a document graph and innovatively integrates knowledge representation into both node construction and path inference through TransR. On the application stratum, BiLSTM-CRF and KEGI are utilized to craft a knowledge graph from a knowledge representation model and Chinese fault reports for a steel production line, specifically SPOnto and SPFRDoc. The F 1 value for entity and relation extraction has been enhanced by 2% to 6%. The quality of the extracted knowledge graph complies with the requirements of real-world production environment applications. The results demonstrate that KEGI can profoundly delve into production reports, extracting a wealth of knowledge and patterns, thereby providing a comprehensive solution for production management.

engineering, industrial

Gaosheng Wang,Peipei Liu,Jintao Huang,Haoyu Bin,Xi Wang,Hongsong Zhu

DOI: https://doi.org/10.1016/j.cose.2024.103824

IF: 5.105

2024-03-01

Computers & Security

Abstract:Structured cyber threat intelligence enables security researchers to know the occurrence of cyber threats in time, thereby improving the efficiency of security defense and analysis. Previous works usually use general deep learning and NLP techniques to extract intelligence. Such methods suffer from insufficient semantic understanding in the field of security. To address these issues, we propose a novel method called Knowledge-based Cyber Threat Intelligence Entity and Relation Extraction (KnowCTI), which incorporates cybersecurity knowledge into the model to enhance the understanding of the realm of cybersecurity and has a full picture of threats with the threat intelligence graph generation. Specifically, we first build a cybersecurity knowledge base and train cybersecurity-aware knowledge embeddings based on the base. Secondly, we refine the most related knowledge triples by attention mechanism and gate mechanism, and then construct a sentence tree through these triples. Next, we employ graph attention networks to incorporate knowledge information into the sentence by considering the sentence tree as a graph. Finally, we consider entity extraction as a sequence labeling problem and relation extraction as a classification problem to decode the entities and relation triples according to the threat intelligence ontology we designed. Experimental results demonstrate the superior performance with the F1 score exceeding 90.16 and 81.83 on entity and relation extraction separately.

computer science, information systems

Xue Zheng,Bing Wang,Yunmeng Zhao,Shuai Mao,Yang Tang

DOI: https://doi.org/10.1016/j.neucom.2020.10.095

IF: 6

2021-03-01

Neurocomputing

Abstract:<p>Hazardous chemicals are widely used in the production activities of the chemical industry. The safety management of hazardous chemicals is critical to the safety of life and property. Hence, the effective safety management of hazardous chemicals has always been an important aspect of the chemical industry. Since a large quantity of knowledge and information of hazardous chemicals is stored in isolated databases, it is challenging to manage hazardous chemicals in an information-rich manner. Herein, we propose a knowledge graph method for hazardous chemical management to solve the problem of decentralized databases in the hazardous chemical industry. In the construction of the knowledge graph, we design an ontology structure of hazardous chemicals management. To facilitate enterprises to master the knowledge in the full lifecycle of hazardous chemicals, including production, transportation, storage, etc., we jointly use internal data from companies and open data from the public domain of hazardous chemicals to construct the knowledge graph. The named entity recognition task is one of the key tasks in the implementation of the knowledge graph, which is of great significance for obtaining entity information from unstructured data. To extract useful information from multi-source data, we adopted a deep neural model, BERT-CRF, to conduct named entity recognition for incidents records. The model is based on bidirectional encoder representation from transformers (BERT) model and conditional random field (CRF) model, and it achieves good results, exhibiting the effectiveness in the task of named entity recognition in the chemical industry.</p>

computer science, artificial intelligence

Kai Liu,Fei Wang,Zhaoyun Ding,Sheng Liang,Zhengfei Yu,Yun Zhou

DOI: https://doi.org/10.48550/arXiv.2204.04769

2022-04-10

Cryptography and Security

Abstract:Facing the dynamic complex cyber environments, internal and external cyber threat intelligence, and the increasing risk of cyber-attack, knowledge graphs show great application potential in the cyber security area because of their capabilities in knowledge aggregation, representation, management, and reasoning. However, while most research has focused on how to develop a complete knowledge graph, it remains unclear how to apply the knowledge graph to solve industrial real challenges in cyber-attack and defense scenarios. In this review, we provide a brief overview of the basic concepts, schema, and construction approaches for the cyber security knowledge graph. To facilitate future research on cyber security knowledge graphs, we also present a curated collection of datasets and open-source libraries on the knowledge construction and information extraction task. In the major part of this article, we conduct a comparative review of the different works that elaborate on the recent progress in the application scenarios of the cyber security knowledge graph. Furthermore, a novel comprehensive classification framework is created to describe the connected works from nine primary categories and eighteen subcategories. Finally, we have a thorough outlook on several promising research directions based on the discussion of existing research flaws.

Yitong Ren,Yanjun Xiao,Yinghai Zhou,Zhiyong Zhang,Zhihong Tian

DOI: https://doi.org/10.1109/tkde.2022.3175719

IF: 9.235

2022-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Open-source cyber threat intelligence (OSCTI) is becoming more influential in obtaining current network security information. Most studies on cyber threat intelligence (CTI) focus on automating the extraction of threat entities from public sources that describe attack events. The cybersecurity knowledge graph aims to change the expression of threat knowledge so that security researchers can accurately and efficiently obtain various types of threat information for preliminary intelligent decisions. The attribution technology can not only assist security analysts in detecting advanced persistent threats, but can also identify the same threat from different attack events. Therefore, it is important to trace the attack threat actor. In this study, we used the knowledge graph technology, considered the latest research on cyber threat attack attribution, and thoroughly examined key related technologies and theories in the process of constructing and applying the advanced persistent threat (APT) knowledge graph from OSCTI. We designed a cybersecurity platform named CSKG4APT based on a knowledge graph. Inspired by the theory of ontology, we constructed CSKG4APT as an APT knowledge graph model based on real APT attack scenarios. We then designed an APT threat knowledge extraction algorithm for completing and updating the knowledge graph using deep learning and expert knowledge. Finally, we proposed a practical APT attack attribution method with attribution and countermeasures. CSKG4APT is not a passive defense method in traditional network confrontation but one that integrates a large amount of fragmented intelligence and can actively adjust its defense strategy. It lays the foundation for further dominance in network attack and defense.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Siqi Sun,Cheng Huang,Tiejun Wu,Yi Shen

DOI: https://doi.org/10.1155/2023/4464974

IF: 8.993

2023-01-01

International Journal of Intelligent Systems

Abstract:As the complexity of cyberattacks continues to increase, multistage combination attacks have become the primary method of attack. Attackers plan and organize a series of attack steps, using various attack tools to achieve specific goals. Extracting knowledge about these tools is of great significance for both defense and tracing of attacks. We have noticed that there is a wealth of security tool-related knowledge within the open-source community, but research in this area is limited. It is challenging to achieve large-scale automated security tool information extraction. To address this, we propose automated knowledge graph construction architecture, named SecTKG, for open-source security tools. Our approach involves designing a security tool ontology model to describe tools, users, and relationships, which guides the extraction of security tool knowledge. In addition, we develop advanced entity recognition and classification methods, ensuring efficient and accurate knowledge extraction. As far as we know, this work is the first to construct the large-scale security tool knowledge graph, containing 4 million entities and 10 million relationships. Furthermore, we investigate the tendencies and particularities of security tools based on the SecTKG and developed a security tool influence-measuring application. The research fills a gap in the field of automated security tools’ knowledge extraction and provides a foundation for future research and practical applications.

Zong-Xun Li,Yu-Jun Li,Yi-Wei Liu,Cheng Liu,Nan-Xin Zhou

DOI: https://doi.org/10.3390/sym15020337

2023-01-26

Symmetry

Abstract:Cyber threat intelligence (CTI) sharing has gradually become an important means of dealing with security threats. Considering the growth of cyber threat intelligence, the quick analysis of threats has become a hot topic at present. Researchers have proposed some machine learning and deep learning models to automatically analyze these immense amounts of cyber threat intelligence. However, due to a large amount of network security terminology in CTI, these models based on open-domain corpus perform poorly in the CTI automatic analysis task. To address this problem, we propose an automatic CTI analysis method named K-CTIAA, which can extract threat actions from unstructured CTI by pre-trained models and knowledge graphs. First, the related knowledge in knowledge graphs will be supplemented to the corresponding position in CTI through knowledge query and knowledge insertion, which help the pre-trained model understand the semantics of network security terms and extract threat actions. Second, K-CTIAA reduces the adverse effects of knowledge insertion, usually called the knowledge noise problem, by introducing a visibility matrix and modifying the calculation formula of the self-attention. Third, K-CTIAA maps corresponding countermeasures by using digital artifacts, which can provide some feasible suggestions to prevent attacks. In the test data set, the F1 score of K-CTIAA reaches 0.941. The experimental results show that K-CTIAA can improve the performance of automatic threat intelligence analysis and it has certain significance for dealing with security threats.

multidisciplinary sciences

Yutong Cheng,Osama Bajaber,Saimon Amanuel Tsegai,Dawn Song,Peng Gao

2024-10-28

Abstract:Textual descriptions in cyber threat intelligence (CTI) reports, such as security articles and news, are rich sources of knowledge about cyber threats, crucial for organizations to stay informed about the rapidly evolving threat landscape. However, current CTI extraction methods lack flexibility and generalizability, often resulting in inaccurate and incomplete knowledge extraction. Syntax parsing relies on fixed rules and dictionaries, while model fine-tuning requires large annotated datasets, making both paradigms challenging to adapt to new threats and ontologies. To bridge the gap, we propose CTINexus, a novel framework leveraging optimized in-context learning (ICL) of large language models (LLMs) for data-efficient CTI knowledge extraction and high-quality cybersecurity knowledge graph (CSKG) construction. Unlike existing methods, CTINexus requires neither extensive data nor parameter tuning and can adapt to various ontologies with minimal annotated examples. This is achieved through (1) a carefully designed automatic prompt construction strategy with optimal demonstration retrieval for extracting a wide range of cybersecurity entities and relations; (2) a hierarchical entity alignment technique that canonicalizes the extracted knowledge and removes redundancy; (3) an ICL-enhanced long-distance relation prediction technique to further complete the CKSG with missing links. Our extensive evaluations using 150 real-world CTI reports collected from 10 platforms demonstrate that CTINexus significantly outperforms existing methods in constructing accurate and complete CSKGs, highlighting its potential to transform CTI analysis with an efficient and adaptable solution for the dynamic threat landscape.

Cryptography and Security,Artificial Intelligence,Machine Learning

Ezekia Gilliard,Jinshuo Liu,Ahmed Abubakar Aliyu

DOI: https://doi.org/10.1049/cmu2.12736

IF: 1.345

2024-02-28

IET Communications

Abstract:In our interconnected world, cyber threats continuously evolve, presenting unprecedented challenges to cybersecurity. Conventional methods such as anomaly‐based and feature‐based approaches are encountering limitations and proving inadequate. The utilization of knowledge graph reasoning, leveraging graph structures, emerges as a promising paradigm shift in the landscape of cyberattack detection. This scholarly work delves into contemporary cybersecurity research, examining the potential of knowledge graph reasoning and proposing an innovative methodology with three principal objectives: optimizing data preparation for knowledge graph embedding models, establishing semantic foundations for network analysis via the system state graph ontology, and elevating network attack recognition through knowledge graph inference techniques. The study conducts experiments, comparing the proposed approach against existing methodologies, and demonstrates its efficacy in addressing the challenges associated with the escalating volume of network data. This approach signifies a promising trajectory towards automating network attack recognition and fortifying network security by seamlessly integrating knowledge graphs. In today's digital landscape, cybercriminals are constantly evolving their tactics, making it challenging for traditional cybersecurity methods to keep up. To address this issue, this study explores the potential of knowledge graph reasoning as a more adaptable and sophisticated approach to identify and counter network attacks. By leveraging graph structures imbued with human‐like thinking, this method enhances the resilience of cybersecurity systems. The study focuses on three critical aspects: data preparation, semantic foundations, and knowledge graph inference techniques. Through an in‐depth analysis of these components, the research aims to reveal how knowledge graph reasoning can improve cyberattack detection and enhance the overall efficacy of cybersecurity measures, including intrusion detection systems. The proposed approach has undergone extensive experimentation to validate its effectiveness compared to existing methods. The results of the experiment have shown a remarkable advancement in accuracy, speed, and recall for recognition, surpassing current methods. This achievement is a notable contribution in the realm of managing big data in cybersecurity. The study establishes a foundation for the automation of network attack detection, ultimately enhancing overall network security.

engineering, electrical & electronic

Xuhai Duan,Yong Chen,Zuzhen Ji,Zhi Pei,Wenchao Yi

DOI: https://doi.org/10.1109/case49997.2022.9926662

2022-01-01

Abstract:A CNC machine may contain various types of faults and may harm production safety in multiple ways. It is difficult for managers to determine which faults are more severe due to the complex structure of the machine. This further confuses managers to generate efficient preventions and responses. Consequently, there is a need to develop a method to assist production managers to identify the safety-critical components (SCCs) in a CNC machine. The current work developed a solid framework for SCCs examination using a risk-based knowledge graph method. Firstly, we summarize the structure of the CNC machine using ontology and examine CNC faults and corresponding consequences. The reasoning between faults and consequences is via literature examination using a web-crawler. This is followed by using BiLSTM-CRF for knowledge processing and using TransE for entity alignment. Then, a risk-based knowledge graph is developed via developing a weight scale for the severity of consequence; and using historical fault data to access frequency. The knowledge graph visualization is developed using Gephi, and SCCs can be virtually determined with deeper color in nodes as the darker color represents higher risk. This has the potential to help industry practitioners better understand their current operations situation and generate responses to avoid fault occurrence and improve production safety.

Yinqian Cheng,Wei Wei,Zhiyuan Wu,Yang Jiao

DOI: https://doi.org/10.1109/ICCASIT48058.2019.8973190

2019-10-01

Abstract:The knowledge graph of the civil aviation safety domain can visually display the complex network relationship between civil aviation safety-related factors, and facilitate effective analysis of potential security risks from the relationship between complex and multi-dimensional security factors, providing in-depth risk analysis and decision support to the field. In this paper, the knowledge system of the civil aviation safety field was firstly combed, and the ontology model suitable for the civil aviation security field has been constructed. Then knowledge was extracted from structured, semi-structured and unstructured data sources in the civil aviation security field. On this basis, entity recognition of unstructured text has been done by using a machine-learning correlation model algorithm, and the entity-relationship in the civil aviation security field has been extracted by using a deep convolutional neural network model combined with keyword features. Finally, the map database Neo4j was used to store the knowledge of the civil aviation safety field, and the knowledge map of the civil aviation safety field has been initially constructed.

Engineering,Computer Science

Peng Gao,Xiaoyuan Liu,Edward Choi,Bhavna Soman,Chinmaya Mishra,Kate Farris,Dawn Song

DOI: https://doi.org/10.48550/arXiv.2101.07769

2021-02-27

Abstract:To remain aware of the fast-evolving cyber threat landscape, open-source Cyber Threat Intelligence (OSCTI) has received growing attention from the community. Commonly, knowledge about threats is presented in a vast number of OSCTI reports. Despite the pressing need for high-quality OSCTI, existing OSCTI gathering and management platforms, however, have primarily focused on isolated, low-level Indicators of Compromise. On the other hand, higher-level concepts (e.g., adversary tactics, techniques, and procedures) and their relationships have been overlooked, which contain essential knowledge about threat behaviors that is critical to uncovering the complete threat scenario. To bridge the gap, we propose SecurityKG, a system for automated OSCTI gathering and management. SecurityKG collects OSCTI reports from various sources, uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors, and constructs a security knowledge graph. SecurityKG also provides a UI that supports various types of interactivity to facilitate knowledge graph exploration.

Cryptography and Security,Artificial Intelligence,Computation and Language,Databases

Damodar Panigrahi,Shaswata Mitra,Subash Neupane,Sudip Mittal,Benjamin A. Blakely

2024-11-24

Abstract:Cyberattacks are becoming increasingly difficult to detect and prevent due to their sophistication. In response, Autonomous Intelligent Cyber-defense Agents (AICAs) are emerging as crucial solutions. One prominent AICA agent is the Intrusion Response System (IRS), which is critical for mitigating threats after detection. IRS uses several Tactics, Techniques, and Procedures (TTPs) to mitigate attacks and restore the infrastructure to normal operations. Continuous monitoring of the enterprise infrastructure is an essential TTP the IRS uses. However, each system serves different purposes to meet operational needs. Integrating these disparate sources for continuous monitoring increases pre-processing complexity and limits automation, eventually prolonging critical response time for attackers to exploit. We propose a unified IRS Knowledge Graph ontology (IRSKG) that streamlines the onboarding of new enterprise systems as a source for the AICAs. Our ontology can capture system monitoring logs and supplemental data, such as a rules repository containing the administrator-defined policies to dictate the IRS responses. Besides, our ontology permits us to incorporate dynamic changes to adapt to the evolving cyber-threat landscape. This robust yet concise design allows machine learning models to train effectively and recover a compromised system to its desired state autonomously with explainability.

Cryptography and Security,Artificial Intelligence,Machine Learning

Wanru Du,Xiaoyin Wang,Quan Zhu,Xiaochuan Jing,Xuan Liu

DOI: https://doi.org/10.1177/00368504241235510

IF: 1.512

2024-03-16

Science Progress

Abstract:Science Progress, Volume 107, Issue 1, January-March 2024. In recent years, hazardous chemical incidents have occurred frequently, resulting in significant human casualties, property damage, and environmental pollution due to human or natural factors. Accurately mining the lessons learned from accumulating incident reports and constructing the knowledge graph for hazardous chemical incident management can assist managers in identifying patterns and analyzing common attributes, thereby preventing the recurrence of similar incidents. This article addresses the challenges of dispersed textual information, specialized vocabulary, and data formats in hazardous chemical incidents. We propose a novel entity-relation extraction model called CPBA-CLIM (content-position-based attention-cross-label intersect matching) to provide an accurate data foundation for constructing the hazardous chemical incident knowledge graph. The content-position-based attention module, based on content-position attention, incorporates contextual semantic information into the combined encoding of bidirectional encoder representations from the transformer's content and position to obtain dynamic word vectors that align with the thematic context of the text. Additionally, the cross-label intersect matching strategy evaluates the rationality of entity–relation interactions in sets containing potential overlaps, reducing the impact of entity–relation overlap on triplet extraction accuracy. Comparative experimental results on public datasets demonstrate the model's outstanding performance in overlapping triplets. Qualitative experiments on a self-constructed dataset integrate our model with ontology construction techniques, successfully establishing a knowledge graph for managing hazardous chemical incidents. This research effectively enhances the degree of automation and efficiency in knowledge graph construction, thus offering support and decision-making foundations for hazardous chemical safety management.

multidisciplinary sciences

Yanying Wang,Ying Cheng,Qinglin Qi,Fei Tao

DOI: https://doi.org/10.1016/j.jii.2024.100566

IF: 11.718

2024-01-29

Journal of Industrial Information Integration

Abstract:With the development of information technology in manufacturing enterprises, a large amount of equipment maintenance data and knowledge are recorded. These rich knowledge resources contain a vast amount of semantic and physical associations that have not yet been developed, resulting in a significant gap between equipment maintenance procedures and experiential knowledge. Therefore, this paper proposes a multi-source maintenance data management method called Industrial Dataspace (IDS), and on this basis, proposes a method for constructing an equipment maintenance knowledge graph (IDS-KG) that considers the causal relationships between faults in the equipment maintenance corpus. The method fixes procedural data on the ontology model at the upper layer of the knowledge graph and automatically mines maintenance information from empirical data, and ultimately achieves the fusion management of equipment maintenance procedure knowledge and empirical knowledge. The method is validated in the practical application of nuclear power equipment maintenance, and the experiments show that the method proposed in this paper is able to effectively fuse the procedural data and empirical data and structured as triplets, and at the same time, it is able to identify the hidden causal relationship between failures in the empirical data.

computer science, interdisciplinary applications,engineering, industrial

Ryan Barron,Maksim E. Eren,Manish Bhattarai,Selma Wanna,Nicholas Solovyev,Kim Rasmussen,Boian S. Alexandrov,Charles Nicholas,Cynthia Matuszek

2024-03-26

Abstract:Much of human knowledge in cybersecurity is encapsulated within the ever-growing volume of scientific papers. As this textual data continues to expand, the importance of document organization methods becomes increasingly crucial for extracting actionable insights hidden within large text datasets. Knowledge Graphs (KGs) serve as a means to store factual information in a structured manner, providing explicit, interpretable knowledge that includes domain-specific information from the cybersecurity scientific literature. One of the challenges in constructing a KG from scientific literature is the extraction of ontology from unstructured text. In this paper, we address this topic and introduce a method for building a multi-modal KG by extracting structured ontology from scientific papers. We demonstrate this concept in the cybersecurity domain. One modality of the KG represents observable information from the papers, such as the categories in which they were published or the authors. The second modality uncovers latent (hidden) patterns of text extracted through hierarchical and semantic non-negative matrix factorization (NMF), such as named entities, topics or clusters, and keywords. We illustrate this concept by consolidating more than two million scientific papers uploaded to arXiv into the cyber-domain, using hierarchical and semantic NMF, and by building a cyber-domain-specific KG.

Artificial Intelligence

Zhenpeng Shi,Nikolay Matyunin,Kalman Graffi,David Starobinski

DOI: https://doi.org/10.1145/3641819

IF: 2.717

2024-02-05

ACM Transactions on Privacy and Security

Abstract:Security assessment relies on public information about products, vulnerabilities, and weaknesses. So far, databases in these categories have rarely been analyzed in combination. Yet, doing so could help predict unreported vulnerabilities and identify common threat patterns. In this article, we propose a methodology for producing and optimizing a knowledge graph that aggregates knowledge from common threat databases (CVE, CWE, and CPE). We apply the threat knowledge graph to predict associations between threat databases, specifically between products, vulnerabilities, and weaknesses. We evaluate the prediction performance both in closed world with associations from the knowledge graph and in open world with associations revealed afterward. Using rank-based metrics (i.e., Mean Rank, Mean Reciprocal Rank, and Hits@N scores), we demonstrate the ability of the threat knowledge graph to uncover many associations that are currently unknown but will be revealed in the future, which remains useful over different time periods. We propose approaches to optimize the knowledge graph and show that they indeed help in further uncovering associations. We have made the artifacts of our work publicly available.

computer science, information systems