Predicting correlation relationships of entities between attack patterns and techniques based on word embedding and graph convolutional network

Threat analysis relies on knowledge bases that contain a large number of security entities. The scope and impact of security threats and risks are evaluated by modeling threat sources, attack capabilities, attack motivations, and threat paths, taking into consideration the vulnerability of assets in...

Bibliographic Details
Main Authors: Weicheng QIU, Xiuzhen CHEN, Yinghua MA, Jin MA, Zhihong ZHOU
Format: Article
Language: English
Published: POSTS&TELECOM PRESS Co., LTD 2023-08-01
Series: 网络与信息安全学报
Subjects:
Online Access: http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023052
collection DOAJ
description Threat analysis relies on knowledge bases that contain a large number of security entities. The scope and impact of security threats and risks are evaluated by modeling threat sources, attack capabilities, attack motivations, and threat paths, taking into consideration the vulnerability of assets in the system and the security measures implemented. However, the lack of entity relations between these knowledge bases hinders security event tracking and attack path generation. To complement entity relations between CAPEC and ATT&CK techniques and enrich threat paths, an entity correlation prediction method called WGS was proposed, in which entity descriptions were analyzed based on word embedding and a graph convolution network. In the proposed method, a Word2Vec model was trained for the security domain to extract domain-specific semantic features, and a GCN model was trained to capture the co-occurrence between words and sentences in entity descriptions. The relationship between entities was predicted by a Siamese network that combines these two features. The inclusion of external semantic information helped address the few-shot learning problem caused by limited entity relations in the existing knowledge base. Additionally, dynamic negative sampling and regularization were applied in model training. Experiments conducted on the CAPEC and ATT&CK databases provided by MITRE demonstrate that WGS effectively separates related entity pairs from irrelevant ones in the sample space and accurately predicts new entity relations. The proposed method achieves higher prediction accuracy in few-shot learning and requires shorter training time and fewer computing resources compared to the BERT-based text similarity prediction models. This shows that an entity relation prediction method based on word embedding and a graph convolutional network can extract new entity correlation relationships between attack patterns and techniques. This helps to abstract attack techniques and tactics from low-level vulnerabilities and weaknesses in security threat analysis.
issn 2096-109X
topic security entity correlation
natural language processing
graph convolution neural network
few-shot learning