
Construction Of Knowledge Graph For Cyber Security

Posted on: 2023-04-21
Degree: Master
Type: Thesis
Country: China
Candidate: L W Zhao
GTID: 2558306839994869
Subject: Computer Science and Technology
Abstract/Summary:
With the popularization of networks and computer applications, the era of information and intelligence is arriving. However, while enjoying the convenience brought by the Internet, countries, organizations and individuals also face an increasingly serious threat of network attacks. In this context, it is urgent to integrate multi-source heterogeneous network security data and improve the ability to express network security knowledge. A knowledge graph can structure heterogeneous knowledge, build associations between pieces of knowledge, and address the difficulties network security currently faces. Therefore, this paper focuses on the construction of a cyber security knowledge graph. Constructing a knowledge graph mainly involves domain ontology construction and domain knowledge construction. The cyber security ontology is the basis for constructing the network security knowledge graph. This paper analyzes existing cyber security domain ontologies and important terms, uses the STIX standardized language, and combines the existing network security knowledge bases ATT&CK, CAPEC, CWE and CVE to construct a cyber security ontology with strong compatibility and scalability. Then, on the basis of the cyber security domain ontology, knowledge extraction is carried out on unstructured network security data. Named entity recognition and relation extraction are the basis for establishing each piece of knowledge in the graph. A combination of dictionaries and a deep learning model is used for named entity recognition. Dictionaries are built for malware entities and for attack patterns and consequences; the dictionary content is derived from the ATT&CK and CAPEC knowledge bases. On the basis of dictionary matching, a BERT-BiLSTM-CRF model is trained on the annotated data, and the final named entity recognition result is obtained. The experimental results show that the proposed named entity recognition method is effective. Finally, based on the ontology and named entity recognition, relation extraction is carried out on network security data. The relation extraction method adopted in this paper combines dependency syntax analysis with rules. The network relationships in unstructured data are extracted by dependency syntax analysis, and the extracted relationships are then constrained by rules. Experiments show that adding rules improves the F1 value of relation extraction compared with dependency parsing alone.
Keywords/Search Tags:Cyber Security, Knowledge Graph, Named Entity Recognition, Dependency Syntax Analysis, Relation Extraction