Prediction method of 0day attack path based on cyber defense knowledge graph
To solve the difficulty of attack detection caused by the 0day vulnerability, a prediction method of 0day attack path based on cyber defense knowledge graph was proposed.The cyber defense knowledge graph was constructed to refine the discrete security data such as threat, vulnerability and asset int...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2022-02-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021101 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529817189580800 |
|---|---|
| author | Cheng SUN Hao HU Yingjie YANG Hongqi ZHANG |
| author_facet | Cheng SUN Hao HU Yingjie YANG Hongqi ZHANG |
| author_sort | Cheng SUN |
| collection | DOAJ |
| description | To solve the difficulty of attack detection caused by the 0day vulnerability, a prediction method of 0day attack path based on cyber defense knowledge graph was proposed.The cyber defense knowledge graph was constructed to refine the discrete security data such as threat, vulnerability and asset into the complete and high-related knowledge format by extracting concepts and entities related to network attack from cyber security ontology research finds and databases.Based on the knowledge integrated by the knowledge graph, assumed and restricted the unknown attributes such as the existence, availability and harmfulness of 0day vulnerabilities, and model the concept of "attack" as a relationship between attacker entities and device entities in the knowledge graph to transform the attack prediction to the link prediction of knowledge graph.According to this, apply path ranking algorithm was applied to mine the potential 0day attack in the target system and construct the 0day attack graph.Predicted the 0day attack path by utilizing the scores output by classifiers as the occurrence probabilities of single step attack and computing the occurrence probabilities of different attack paths.The experimental result shows that with the help of complete knowledge system provided by knowledge graph, the proposed method can reduce the dependence of prediction analysis on expert model and overcome the bad influence of 0day vulnerability to improve the accuracy of 0day attack prediction.And utilizing the characteristic that path ranking algorithm reasons based on the structure of graph can also help to backtrack the reasons of predicting results so as to improve the explainability of predicting. |
| format | Article |
| id | doaj-art-add594fd96ae4a4aa115d904fcbbebd5 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2022-02-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-add594fd96ae4a4aa115d904fcbbebd52025-01-15T03:15:42ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2022-02-01815116659571831Prediction method of 0day attack path based on cyber defense knowledge graphCheng SUNHao HUYingjie YANGHongqi ZHANGTo solve the difficulty of attack detection caused by the 0day vulnerability, a prediction method of 0day attack path based on cyber defense knowledge graph was proposed.The cyber defense knowledge graph was constructed to refine the discrete security data such as threat, vulnerability and asset into the complete and high-related knowledge format by extracting concepts and entities related to network attack from cyber security ontology research finds and databases.Based on the knowledge integrated by the knowledge graph, assumed and restricted the unknown attributes such as the existence, availability and harmfulness of 0day vulnerabilities, and model the concept of "attack" as a relationship between attacker entities and device entities in the knowledge graph to transform the attack prediction to the link prediction of knowledge graph.According to this, apply path ranking algorithm was applied to mine the potential 0day attack in the target system and construct the 0day attack graph.Predicted the 0day attack path by utilizing the scores output by classifiers as the occurrence probabilities of single step attack and computing the occurrence probabilities of different attack paths.The experimental result shows that with the help of complete knowledge system provided by knowledge graph, the proposed method can reduce the dependence of prediction analysis on expert model and overcome the bad influence of 0day vulnerability to improve the accuracy of 0day attack prediction.And utilizing the characteristic that path ranking algorithm reasons based on the structure of graph can also help to backtrack the reasons of predicting results so as to improve the explainability of predicting.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021101knowledge graph0day attackattack path prediction |
| spellingShingle | Cheng SUN Hao HU Yingjie YANG Hongqi ZHANG Prediction method of 0day attack path based on cyber defense knowledge graph 网络与信息安全学报 knowledge graph 0day attack attack path prediction |
| title | Prediction method of 0day attack path based on cyber defense knowledge graph |
| title_full | Prediction method of 0day attack path based on cyber defense knowledge graph |
| title_fullStr | Prediction method of 0day attack path based on cyber defense knowledge graph |
| title_full_unstemmed | Prediction method of 0day attack path based on cyber defense knowledge graph |
| title_short | Prediction method of 0day attack path based on cyber defense knowledge graph |
| title_sort | prediction method of 0day attack path based on cyber defense knowledge graph |
| topic | knowledge graph 0day attack attack path prediction |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021101 |
| work_keys_str_mv | AT chengsun predictionmethodof0dayattackpathbasedoncyberdefenseknowledgegraph AT haohu predictionmethodof0dayattackpathbasedoncyberdefenseknowledgegraph AT yingjieyang predictionmethodof0dayattackpathbasedoncyberdefenseknowledgegraph AT hongqizhang predictionmethodof0dayattackpathbasedoncyberdefenseknowledgegraph |