
Engineering, 2018, Volume 4, Issue 1. doi: 10.1016/j.eng.2018.01.004

A Practical Approach to Constructing a Knowledge Graph for Cybersecurity

School of Computer Science, National University of Defense Technology, Changsha 410073, China

Received: 2017-12-10 Revised: 2017-12-21 Accepted: 2018-01-07 Available online: 2018-02-09


Abstract

Cyberattacks take complex and varied forms, and detecting and predicting dynamic types of attack remain challenging tasks. Research on knowledge graphs is becoming increasingly mature in many fields. Notably, some scholars have combined the concept of the knowledge graph with cybersecurity in order to construct a cybersecurity knowledge base. This paper presents a cybersecurity knowledge base and deduction rules based on a quintuple model. Using machine learning, we extract entities and build an ontology to obtain a cybersecurity knowledge base. New rules are then deduced by calculating formulas and using the path-ranking algorithm. The Stanford named entity recognizer (NER) is also used to train an extractor to extract useful information. Experimental results show that the Stanford NER provides many features and that the useGazettes parameter may be used to train a recognizer in the cybersecurity domain in preparation for future work.

