Predicting Entity Relations across Different Security Databases by Using Graph Attention Network

Security databases such as Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Attack Pattern Enumeration and Classification (CAPEC) maintain diverse, high-quality security concepts, which are treated as security entities. Across these three popular databases, security entities are documented with many potential relation types that are useful for security analysis and comprehension. To support reasoning about security entity relationships, translation-based knowledge graph representation learning treats each triple independently for entity prediction. However, it neglects the important semantic information about the neighbor entities around the triples. To address this, we propose a text-enhanced graph attention network model (text-enhanced GAT). This model highlights the importance of the knowledge in the 2-hop neighbors surrounding a triple, based on the observation of the diversity of each entity. Thus, we can capture more structural and textual information from the knowledge graph about the security databases. Extensive experiments are designed to evaluate the effectiveness of our proposed model on the prediction of security entity relationships. Moreover, the experimental results outperform the state of the art by 0.132 in Mean Reciprocal Rank (MRR) for detecting the missing relationships.
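To make the 2-hop neighborhood and the MRR metric concrete, the following added example (not code from the paper, and not its attention model) collects the 1-hop edges and 2-hop paths around an entity in a toy CVE/CWE/CAPEC graph and scores ranked predictions with MRR. All entity IDs, relation names and rankings are constructed placeholders.

```python
# Constructed toy triples (head, relation, tail). The IDs and relation names
# are placeholders for illustration, not real database entries.
TRIPLES = [
    ("CVE-A", "instance_of", "CWE-X"),
    ("CVE-B", "instance_of", "CWE-X"),
    ("CWE-X", "child_of", "CWE-Y"),
    ("CWE-X", "targeted_by", "CAPEC-P"),
    ("CWE-Y", "targeted_by", "CAPEC-Q"),
]


def build_adjacency(triples):
    """Map each head entity to its outgoing (relation, tail) edges."""
    adj = {}
    for head, rel, tail in triples:
        adj.setdefault(head, []).append((rel, tail))
    return adj


def two_hop_context(entity, adj):
    """Return (one_hop, two_hop) context for an entity.

    Each item is (relation_path, reached_entity). A model that scores every
    triple independently only ever sees the one_hop items; the two_hop paths
    are the extra neighborhood knowledge the abstract refers to.
    """
    one_hop = [((rel,), tail) for rel, tail in adj.get(entity, [])]
    two_hop = [
        ((r1, r2), t2)
        for r1, t1 in adj.get(entity, [])
        for r2, t2 in adj.get(t1, [])
        if t2 != entity  # skip paths that loop back to the start
    ]
    return one_hop, two_hop


def mean_reciprocal_rank(rankings, gold):
    """MRR over queries: mean of 1/rank of the correct entity (0 if absent)."""
    total = 0.0
    for ranking, answer in zip(rankings, gold):
        if answer in ranking:
            total += 1.0 / (ranking.index(answer) + 1)
    return total / len(gold)


if __name__ == "__main__":
    adj = build_adjacency(TRIPLES)
    print(two_hop_context("CVE-A", adj))
    # Constructed rankings for two (CVE, instance_of, ?) queries.
    print(mean_reciprocal_rank([["CWE-X", "CWE-Y"], ["CWE-Y", "CWE-X"]],
                               ["CWE-X", "CWE-X"]))
```

Here CVE-A reaches CAPEC-P only through CWE-X, so that link is invisible to a scorer that looks at one triple at a time.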
