Research On The Construction Technology Of Cybersecurity Resource Library Based On Ontology

Posted on: 2022-05-14
Degree: Master
Type: Thesis
Country: China
Candidate: Y N Luo
GTID: 2518306524493594
Subject: Master of Engineering

Abstract/Summary:
In recent years, with the rapid popularization of Internet information technology, the scale of the network has expanded dramatically, and the network environment has become more complicated. The ensuing cybersecurity problems not only seriously affect individual users, but also bring huge security risks to the normal development of the country's politics, economy, and people's livelihood. A cybersecurity resource library can integrate various types of heterogeneous cybersecurity knowledge, and can also collect and extract unstructured cybersecurity knowledge, such as security blogs, to provide knowledge support for specific applications such as emergency response and situational awareness. Therefore, this thesis analyzes and integrates massive network security data, constructs the knowledge system of a cybersecurity resource library, and designs and implements the cybersecurity resource library system.

Firstly, this thesis constructs a cybersecurity domain ontology, which is used to represent the knowledge system of the cybersecurity resource library. Since the existing cybersecurity domain ontologies are not suitable for analyzing various types of cybersecurity data sources, this thesis first studies and analyzes the characteristics of cybersecurity data, then combines the existing cybersecurity domain ontologies with widely recognized industry standards in the cybersecurity domain, and finally builds a multi-dimension cybersecurity domain ontology (MDCDO). This ontology can integrate a variety of data sources and provides a semantic foundation for the cybersecurity resource library.

Then, based on the cybersecurity domain ontology, this thesis proposes an extraction algorithm for unstructured cybersecurity data, covering entity extraction and relationship construction. Because different kinds of cybersecurity knowledge have different structural characteristics, this thesis divides entity extraction into two modules: named entity recognition and attack pattern extraction. For nominal entities such as attacking organizations and malware, this thesis proposes a cybersecurity entity recognition model that combines a Feature Template (FT), an Attention mechanism (Att), a BiLSTM model, and a CRF model, abbreviated as the FT-BiLSTM-Att-CRF model. The experimental results show that the model has a good recognition effect on unstructured data in the cybersecurity domain, and its F1 value reaches 85.86%. For non-nominal entities such as attack patterns, this thesis proposes an attack pattern extraction method based on a Dependency Parser (DP), Latent Semantic Indexing (LSI), and BM25, abbreviated as the DP-LSI-BM25 method. Experimental results show that this method has a higher extraction efficiency for attack activity reports, and its F1 value reaches 80.12%. This thesis then combines the extracted entities with the relationship set of the cybersecurity domain ontology to complete the relationship construction, obtaining structured network knowledge and completing the knowledge extraction from unstructured data in the cybersecurity domain.

Finally, this thesis completes the construction of a prototype system for the cybersecurity resource library. It combines cybersecurity knowledge bases, such as NVD and ATT&CK, with unstructured data such as security blogs to design and complete the knowledge construction system and the knowledge display system of the cybersecurity resource library, and implements features such as data extraction, knowledge fusion, and knowledge display.
Keywords/Search Tags:cybersecurity resource library, domain ontology, named entity recognition, dependency parsing