A Practical Approach to Constructing a Knowledge Graph for Cybersecurity

Abstract

Cyberattacks take complex and varied forms, and detecting and predicting dynamic types of attack is always a challenging task. Research on knowledge graphs is becoming increasingly mature in many fields. Notably, some scholars have combined the concept of the knowledge graph with cybersecurity in order to construct a cybersecurity knowledge base. This paper presents a cybersecurity knowledge base and deduction rules based on a quintuple model. Using machine learning, we extract entities and build an ontology to obtain a cybersecurity knowledge base. New rules are then deduced by calculating formulas and using the path-ranking algorithm. The Stanford named entity recognizer (NER) is also used to train an extractor to extract useful information. Experimental results show that the Stanford NER provides many features and that the useGazettes parameter may be used to train a recognizer in the cybersecurity domain in preparation for future work.
