Data recommendation algorithm of network security event based on knowledge graph

To address the difficulty faced by network security operation and maintenance personnel in timely and accurate identification of required data during network security event analysis, a recommendation algorithm based on a knowledge graph for network security events was proposed. The algorithm utilized...

Bibliographic Details
Main Authors: Xianwei ZHU, Wei LIU, Zihao LIU, Zeyu GU
Format: Article
Language: English
Published: POSTS&TELECOM PRESS Co., LTD 2023-12-01
Series: 网络与信息安全学报
Subjects:
Online Access: http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023087
collection DOAJ
description To address the difficulty faced by network security operation and maintenance personnel in timely and accurate identification of required data during network security event analysis, a recommendation algorithm based on a knowledge graph for network security events was proposed. The algorithm utilized the network threat framework ATT&CK to construct an ontology model and establish a network threat knowledge graph based on this model. It extracted relevant security data such as attack techniques, vulnerabilities, and defense measures into interconnected security knowledge within the knowledge graph. Entity data was extracted based on the knowledge graph, and entity vectors were obtained using the TransH algorithm. These entity vectors were then used to calculate data similarity between entities in network threat data. Disposal behaviors were extracted from literature on network security event handling and treated as network security data entities. A disposal behavior matrix was constructed, and the behavior matrix enabled the vector representation of network threat data. The similarity of network threat data entities was calculated based on disposal behaviors. Finally, the similarity between network threat data and threat data under network security event handling behavior was fused to generate a data recommendation list for network security events, which established correlations between network threat domains based on user behavior. Experimental results demonstrate that the algorithm performs optimally when the fusion weight α=7 and the recommended data volume K=5, achieving a recall rate of 62.37% and an accuracy rate of 68.23%. By incorporating disposition behavior similarity in addition to data similarity, the algorithm better represents factual disposition behavior. Compared to other algorithms, this algorithm exhibits significant advantages in recall rate and accuracy, particularly when the recommended data volume is less than 10.
id doaj-art-002191d781b3417f9f57aeb30dadc4a9
institution Kabale University
issn 2096-109X
topic network threat data
network security events
knowledge graph
similarity, event handling behavior
data recommendation