Automatic Analysis and Reasoning Based on Vulnerability Knowledge Graph

In the security community, it is valuable to extract and store vulnerability knowledge. Many data sources record vulnerabilities as unstructured or semi-structured data, which is hard for machines to understand and reuse. Security experts need to analyze the descriptions, link them to related knowledge, and reason out the hidden connections among various weaknesses. It is therefore necessary to analyze vulnerability data automatically and manage the knowledge more intelligently. In this paper, we propose a model for automatic analysis and reasoning based on a vulnerability knowledge graph. The vulnerability knowledge graph is extracted from several widely used vulnerability databases and stored in a graph database. Natural language processing techniques are used to process and analyze the latest vulnerability descriptions. The extracted entities are linked to the vulnerability knowledge graph and added as new knowledge. A reasoning function finds hidden relationships among weaknesses based on the knowledge graph. Finally, we present sample cases to demonstrate the practical usage of the model.
