基于知识图谱的网络安全事件数据推荐算法

doi:10.11959/j.issn.2096-109x.2023087

Abstract

Abstract:

To address the difficulty faced by network security operation and maintenance personnel in timely and accurate identification of required data during network security event analysis, a recommendation algorithm based on a knowledge graph for network security events was proposed.The algorithm utilized the network threat framework ATT＆amp;CK to construct an ontology model and establish a network threat knowledge graph based on this model.It extracted relevant security data such as attack techniques, vulnerabilities, and defense measures into interconnected security knowledge within the knowledge graph.Entity data was extracted based on the knowledge graph, and entity vectors were obtained using the TransH algorithm.These entity vectors were then used to calculate data similarity between entities in network threat data.Disposal behaviors were extracted from literature on network security event handling and treated as network security data entities.A disposal behavior matrix was constructed, and the behavior matrix enabled the vector representation of network threat data.The similarity of network threat data entities was calculated based on disposal behaviors.Finally, the similarity between network threat data and threat data under network security event handling behavior was fused to generate a data recommendation list for network security events, which established correlations between network threat domains based on user behavior.Experimental results demonstrate that the algorithm performs optimally when the fusion weight α=7 and the recommended data volume K=5, achieving a recall rate of 62.37% and an accuracy rate of 68.23%.By incorporating disposition behavior similarity in addition to data similarity, the algorithm better represents factual disposition behavior.Compared to other algorithms, this algorithm exhibits significant advantages in recall rate and accuracy, particularly when the recommended data volume is less than 10.

Key words: network threat data, network security events, knowledge graph, similarity, event handling behavior, data recommendation

CLC Number:

TP393

Xianwei ZHU, Wei LIU, Zihao LIU, Zeyu GU. Data recommendation algorithm of network security event based on knowledge graph[J]. Chinese Journal of Network and Information Security, 2023, 9(6): 116-126.

Figures/Tables 15

References 16

[1]	张淑英 . 网络安全事件关联分析与态势评测技术研究[D]. 长春:吉林大学, 2012.
	ZHANG S Y . Research on correlation analysis and situation evaluation technology of network security events[D]. Changchun:Jilin University, 2012.
[2]	CUPPENS F , MIEGE A . Alert correlation in a cooperative intrusion detection framework[C]// Proceedings of 2002 IEEE symposium on Security and privacy, 2002: 202-215.
[3]	ZANG Y C , ZHOU T Y , GE X Y ,et al. An improved attack path discovery algorithm through compact graph planning[J]. IEEE Access, 2019,99:1.
[4]	LI K , ZHOU H , TU Z ,et al. Cskb:a cyber security knowledge base based on knowledge graph[C]// Proceedings of First International Conference on Security and Privacy in Digital Economy(SPDE 2020). 2020: 100-113.
[5]	SYED Z , PADIA A , FININ T ,et al. UCO:a unified cybersecurity ontology[C]// Proceedings of AAAI Workshop on Artificial Intelligence for Cyber Security. 2016: 14-22.
[6]	孙澄, 胡浩, 杨英杰 ,等. 基于网络防御知识图谱的 0day 攻击路径预测方法[J]. 网络与信息安全学报, 2022,8(1): 151-166.
	SUN C , HU H , YANG Y J ,et al. Prediction method of 0day attack path based on cyber defense knowledge graph[J]. Chinese Journal of Network and Information Security, 2022,8(1): 151-166.
[7]	WANG H , ZHANG F , WANG J ,et al. Ripplenet:propagating user preferences on the knowledge graph for recommender systems[C]// Proceedings of the 27th ACM International Conference on Information and Knowledge. 2018: 417-426.
[8]	WANG X , WANG D , XU C ,et al. Explainable reasoning over knowledge graphs for recommendation[C]// Proceedings of the AAAI Conference on Artificial Intelligence. 2019: 5329-5336.
[9]	RENDLE S , FREUDENTHALER C , GANTNER Z ,et al. BPR:Bayesian personalized ranking from implicit feedback[C]// Proceedings of UAI 2009. 2009: 452-461.
[10]	ZHANG F , YUAN N J , LIAN D ,et al. Collaborative knowledge base embedding for recommender systems[C]// Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 2016: 353-362.
[11]	ZHAO H , YAO Q , LI J ,et al. Meta-graph based recommendation fusion over heterogeneous information networks[C]// Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 2017: 635-644.
[12]	徐增林, 盛泳潘, 贺丽荣 ,等. 知识图谱技术综述[J]. 电子科技大学学报, 2016,45(4).
	XU Z L , SHENG Y P , HE L R ,et al. Overview of knowledge graph technology[J]. Journal of University of Electronic Science and Technology, 2016,45(4).
[13]	ZHOU X , ZHU Q , LIU P ,et al. Learning knowledge embeddings by combining limit-based scoring loss[C]// Proceedings of the 2017 ACM on Conference on Information and Knowledge Management. 2017: 1009-1018.
[14]	李忠伟, 高东, 刘昕 ,等. 基于知识图谱的海洋数值预报数据推荐算法[J]. 计算机工程与设计, 2023,44(5).
	LI Z W , GAO D , LIU X ,et al. Recommendation algorithm of marine numerical forecast data based on knowledge graph[J]. Computer Engineering and Design, 2023,44(5).
[15]	RANI U , BIDHAN K . Comparative assessment of extractive summarization:TextRank,TF-IDF and LDA[J]. Journal of Scientific Research, 2021(1).
[16]	GB/T 20986-2023. 信息安全技术网络安全事件分类分级指南[S].
	GB/T 20986-2023. Information security technology-classification of cyber security incidents[S].

Metrics

Recommended 0

No Suggested Reading articles found!

名称	含义	说明
Software	软件	作为工具的可运行代码程序
Malware	恶意代码	主要包括僵尸主机、木马及蠕虫病毒等
Indicator	监测设备	主要指用于监测网络威胁设备，如流量分析、IPS/IDS、防火墙等
Port	端口	恶意代码或漏洞攻击利用的媒介
Vulnerability	漏洞	设备系统自身原因的脆弱性问题，主要分为不可远程利用漏洞和可远程利用漏洞
Course-of-action	防御措施	可以阻止攻击或防止危害进一步扩散的操作和手段
Attack-tactic	攻击战术	ATT＆CK中攻击者为达到目的的一类手段
Attack-technology	攻击技术	ATT＆CK中实现战术目的的一类技术

主题			数据
主题	u₁	u₂	u₃	…	u_m
V₁	1	0	0	…	1
V₂	0	1	1	…	1
V₃	0	0	0	…	0
…	…	…	…	…	…
V₁₃	1	0	0	…	0

Data recommendation algorithm of network security event based on knowledge graph

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 16

Related Articles 4

Metrics

Recommended 0

[1]	Xiaochen SHEN, Yinhui GE, Bo CHEN, Ling YU. Research on construction technology of artificial intelligence security knowledge graph [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 164-174.
[2]	Yi XIA, Mingjng LAN, Xiaohui CHEN, Junyong LUO, Gang ZHOU, Peng HE. Survey on explainable knowledge graph reasoning methods [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 1-25.
[3]	Cheng SUN, Hao HU, Yingjie YANG, Hongqi ZHANG. Prediction method of 0day attack path based on cyber defense knowledge graph [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 151-166.
[4]	Yuehang DING, Hongtao YU, Ruiyang HUANG, Yingle LI. Ontology summarization technology survey [J]. Chinese Journal of Network and Information Security, 2018, 4(10): 12-21.