Research And Implementation Of Cybersecurity Knowledge Graph Construction Technology

As the era moves towards the Internet of Everything,cyberattacks on governments,enterprises and society are frequent,which seriously threatens national security and social stability.Based on the case analysis of knowledge graph technology successfully applied in various fields,the use of knowledge graph technology to empower the cybersecurity field has become a research hotspot.The cybersecurity knowledge graph can perform semantic analysis and understanding of multi-source,heterogeneous,fragmented mass data,integrate it into cybersecurity intelligence knowledge,and provide decision support for deeper analysis.Therefore,this thesis focuses on how to use cybersecurity big data to construct a cybersecurity knowledge graph,and to implement the corresponding prototype system.The work of this thesis focuses on the following aspects:First,the basic knowledge system constructed by the cybersecurity knowledge graph is represented by the cybersecurity domain ontology.Due to the different focus of the existing cybersecurity domain ontology,the ontology is difficult to fully apply to a wider range of cybersecurity data sources.Therefore,on the basis of reusing the existing cybersecurity domain ontology,this thesis comprehensively considers three different dimensions of assets,fragility,and attacks based on existing cybersecurity data,and constructs a cybersecurity domain ontology with stronger versatility(Asset Fragile Attack Cybersecurity Domain Ontology,AFACSDO)which provides support for the construction of a cybersecurity knowledge graph.Then,in order to extract knowledge from unstructured cybersecurity data,the construction of a cybersecurity knowledge graph requires named entity recognition and relation extraction.Aiming at the problem that traditional named entity recognition uses statistical learning methods relying on artificially extracted features,this thesis proposes a combination of dictionary feature(DF),attention mechanism(Att)and convolutional neural network(CNN)based on BiLSTM-CRF neural network model to construct a cybersecurity entity recognition model(DF-Att-CNN-BiLSTM-CRF),which converts cybersecurity entity recognition tasks into end-to-end sequence labeling.Firstly,the words in the sequence are represented as word embedding through the word vector model.Secondly,the convolutional neural network is used to obtain the character features as character embedding,and connected word embedding as the model input.The entity dictionary is used to capture dictionary features.Then,the bi-directional long short-term memory model extracts context features and an attention mechanism is introduced to capture local key semantic information of the context.Finally,the conditional random field is used to complete the identification of cybersecurity entities.The model is applied to open datasets for verification experiments.The experimental results show that compared with other methods,the model improves the precision and F1 value of entity recognition under the same environment,and the precision reaches 89.97%.Based on the identified entities,use the relationship template to implement entity relation construction,and complete cybersecurity knowledge extraction from unstructured data.Finally,based on the constructed cybersecurity domain ontology and existing cybersecurity data,the cybersecurity knowledge graph is constructed through unstructured data cybersecurity knowledge extraction,multi-source heterogeneous knowledge fusion,knowledge verification and knowledge storage and retrieval technologies.And design and implement a cybersecurity knowledge graph prototype system.