Skip to main content
SpringerLink
Log in

Generating Network Security Defense Strategy Based on Cyber Threat Intelligence Knowledge Graph

  • Conference paper
  • First Online:
Emerging Networking Architecture and Technologies (ICENAT 2022)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1696))

Abstract

Network systems are composed of thousands of devices connected in complex network topologies. The diversity and complexity of these devices increase the security risks of network systems. Cyber Threat Intelligence (CTI) contains rich information about devices, cyber, and defenses. However, due to the lack of correlation among security knowledge, some advanced reasoning tasks cannot be performed, such as device attack information and defense strategies. We construct the CTI ontology and knowledge graph, and propose a defense strategy inference model consisting of knowledge graph embedding algorithms CTI-KGE and reasoning rules. CTI-KGE is based on knowledge representation learning, and link prediction tasks can infer the tail entities that have any relationship with the head entity automatically, completing the threat information. Rule reasoning is interpretable, which can generate defense strategies automatically. Finally, we evaluate the effectiveness of the model and demonstrate its feasibility using actual network system scenarios.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Burger, E.W., Goodman, M.D., Kampanakis, P., Zhu, K.A.: Taxonomy model for cyber threat intelligence information exchange technologies. In: Proceedings of the 2014 ACM Workshop on Information Sharing & Collaborative Security, pp. 51–60 (2014)

    Google Scholar 

  2. Noel, S., Harley, E., Tam, K.H., Limiero, M., Share, M.: CyGraph: graph-based analytics and visualization for cybersecurity. Handbook Statist. 35, 117–167 (2016)

    Article  Google Scholar 

  3. Cui, B.: Electric device abnormal detection based on IoT and knowledge graph. In: 2019 IEEE International Conference on Energy Internet, pp. 217–220. IEEE, Nanjing, China (2019)

    Google Scholar 

  4. Han, Z., Li, X., Liu, H., Xing, Z., Feng, Z.: Deepweak: Reasoning common software weaknesses via knowledge graph embedding. In: 2018 IEEE 25th International Conference on Software Analysis, Evolution and Reengineering, pp. 456–466. IEEE. Campobasso, Italy (2018)

    Google Scholar 

  5. You, S., Li, X., Chen, W.: Intelligent Prediction for Device Status Based on IoT Temporal Knowledge Graph. In: 2020 IEEE/CIC International Conference on Communications in China, pp. 560–565. IEEE. Chongqing, China (2020)

    Google Scholar 

  6. Zhu, Z., Jiang, R., Jia, Y., Xu, J., Li, A.: Cyber security knowledge graph based cyber attack attribution framework for space-ground integration information network. In: 2018 IEEE 18th International Conference on Communication Technology, pp. 870–874. IEEE. Chongqing, China (2018)

    Google Scholar 

  7. Chen, X., Shen, W., Yang, G.: Automatic Generation of Attack Strategy for Multiple Vulnerabilities Based on Domain Knowledge Graph. In: IECON 2021–47th Annual Conference of the IEEE Industrial Electronics Society, pp. 1–6. IEEE. Toronto, ON, Canada (2021)

    Google Scholar 

  8. Y u, S., Liu, M., Dou, W., Liu, X., Zhou, S.: Networking for big data: a survey. IEEE Commun.Surv. Tutor. 19(1), 531–549 (2017)

    Google Scholar 

  9. Feng, C., Zhou, B., Zhang, H., et al.: HetNet: a flexible architecture for heterogeneous satelliteterrestrial networks. IEEE Network 31(6), 86–92 (2017)

    Google Scholar 

  10. Du, M., Jiang, J., Jiang, Z., Lu, Z., Du,: X.: PRTIRG: a knowledge graph for people-readable threat intelligence recommendation. In: International Conference on Knowledge Science. Engineering and Management, pp. 47–59. Springer, Cham (2019)

    Google Scholar 

  11. Sarhan, I., Spruit, M.: Open-cykg: An open cyber threat intelligence knowledge graph. Knowl.-Based Syst. 233, 107524 (2021)

    Article  Google Scholar 

  12. Rastogi, N., Dutta, S., Zaki, M.J., Gittens, A., Aggarwal, C.: Malont: An ontology for malware threat intelligence. In: Wang, G., Ciptadi, A., Ahmadzadeh, A. (eds.) MLHat 2020. CCIS, vol. 1271, pp. 28–44. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-59621-7_2

    Chapter  Google Scholar 

  13. Rastogi, N., Dutta, S., Christian, R., Zaki, M., Gittens, A., Aggarwal, C.: Information prediction using knowledge graphs for contextual malware threat intelligence. arXiv preprint arXiv:2102.05571 (2021)

  14. Zhang, H., Yin, Y., Zhao, D., Liu, B.: Network security situational awareness model based on threat intelligence. Journal on Communications 42(6), 182–194 (2021)

    Google Scholar 

  15. Wang, W., Zhou, H., Li, K., Zhe, Tu., Liu, F.: Cyber-Attack Behavior Knowledge Graph Based on CAPEC and CWE Towards 6G. In: You, I., Kim, H., Youn, T.-Y., Palmieri, F., Kotenko, I. (eds.) MobiSec 2021. CCIS, vol. 1544, pp. 352–364. Springer, Singapore (2022). https://doi.org/10.1007/978-981-16-9576-6_24

    Chapter  Google Scholar 

  16. Wang, Y., Li, Y., Chen, X., Luo, Y.: Implementing Network Attack Detection with a Novel NSSA Model Based on Knowledge Graphs. In: 2020 IEEE 19th International Conference on Trust, Security and Privacy in: Computing and Communications, pp. 1727–1732). IEEE. Guangzhou, China (2020)

    Google Scholar 

  17. Sun, C., Hu, H., Yang, Y., Zhang, H.: Prediction method of 0day attack path based on cyber defense knowledge graph (Chinese). Chinese Journal of Network and Information Security 8(1), 151–166 (2022)

    Google Scholar 

  18. Kiesling, E., Ekelhart, A., Kurniawan, K., Ekaputra, F.: The SEPSES Knowledge Graph: An Integrated Resource for Cybersecurity. In: Ghidini, C., et al. (eds.) ISWC 2019. LNCS, vol. 11779, pp. 198–214. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30796-7_13

    Chapter  Google Scholar 

  19. Sahoo, S.S., Halb, W., Hellmann, S. et al.: A survey of current approaches for mapping of relational databases to RDF. W3C RDB2RDF Incubator Group Report, 1, pp. 113–130 (2009)

    Google Scholar 

  20. Chen, X., Jia, S., Xiang, Y.: A review: Knowledge reasoning over knowledge graph. Expert Syst. Appl. 141, 112948 (2020)

    Article  Google Scholar 

  21. Zhang, Z., Cai, J., Zhang, Y., Wang, J.: Learning hierarchy-aware knowledge graph embeddings for link prediction. Proceedings of the AAAI Conference on Artificial Intelligence 34(03), 3065–3072 (2020)

    Article  Google Scholar 

  22. Sun, Z., Deng, Z. H., Nie, J. Y., Tang, J.: Rotate: Knowledge graph embedding by relational rotation in complex space. arXiv preprint arXiv:1902.10197 (2019)

Download references

Author information

Authors and Affiliations

  1. Zhongyuan University of Technology, Zhengzhou, China

    Shuqin Zhang, Shuhan Li, Peng Chen, Shijie Wang & Chunxia Zhao

Authors
  1. Shuqin Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shuhan Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Peng Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shijie Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Chunxia Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shuqin Zhang .

Editor information

Editors and Affiliations

  1. Beijing Jiaotong University, Beijing, China

    Wei Quan

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhang, S., Li, S., Chen, P., Wang, S., Zhao, C. (2023). Generating Network Security Defense Strategy Based on Cyber Threat Intelligence Knowledge Graph. In: Quan, W. (eds) Emerging Networking Architecture and Technologies. ICENAT 2022. Communications in Computer and Information Science, vol 1696. Springer, Singapore. https://doi.org/10.1007/978-981-19-9697-9_41

Download citation

  • DOI: https://doi.org/10.1007/978-981-19-9697-9_41

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-9696-2

  • Online ISBN: 978-981-19-9697-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation