A Practical Approach to Constructing a Knowledge Graph for Cybersecurity

Yan Jia, Yulu Qi, Huaijun Shang, Rong Jiang, Aiping Li

Engineering, 2018, Vol. 4, Issue (1): 53-60. DOI: 10.1016/j.eng.2018.01.004

Research

Abstract

Cyberattacks take complex and varied forms, and detecting and predicting dynamic types of attack remain challenging tasks. Research on knowledge graphs is becoming increasingly mature in many fields. It is significant that some scholars have now combined the concept of the knowledge graph with cybersecurity in order to construct a cybersecurity knowledge base. This paper presents a cybersecurity knowledge base and deduction rules based on a quintuple model. Using machine learning, we extract entities and build an ontology to obtain a cybersecurity knowledge base. New rules are then deduced by calculating formulas and using the path-ranking algorithm. The Stanford named entity recognizer (NER) is also used to train an extractor to extract useful information. Experimental results show that the Stanford NER provides many features and that the useGazettes parameter may be used to train a recognizer in the cybersecurity domain in preparation for future work.

Keywords

Cybersecurity / Knowledge graph / Knowledge deduction

Cite this article

Yan Jia, Yulu Qi, Huaijun Shang, Rong Jiang, Aiping Li. A Practical Approach to Constructing a Knowledge Graph for Cybersecurity. Engineering, 2018, 4(1): 53‒60 https://doi.org/10.1016/j.eng.2018.01.004
