Ontology Construction And Application For Network Vulnerability Security

Posted on: 2024-03-28
Degree: Master
Type: Thesis
Country: China
Candidate: M R Wu
Full Text: PDF
GTID: 2558307136992859
Subject: Electronic information
Abstract/Summary:
With the rapid development of the Internet, network security issues are increasingly severe. The vulnerability data on mainstream domestic vulnerability websites are large in volume, complex in structure, and strongly correlated. Therefore, this article constructs a network vulnerability security ontology to fully explore potential information in vulnerability data and organize scattered data into a well-structured and semantically related knowledge system. The main research content and innovation points of this paper are as follows:

(1) A data model for the network vulnerability security ontology was constructed. Due to the diversity and complexity of vulnerability data, different vulnerability websites have different classification criteria and terminology, which can easily lead to confusion and misunderstanding of concepts. In addition, existing network security ontologies are difficult to adapt to the vulnerability data on mainstream domestic vulnerability websites because they were constructed with different emphases. This article introduces the Protégé ontology modeling tool into the construction of the network vulnerability security ontology. Through the analysis of vulnerability websites, entities, properties, and relationships are finely described and classified to form a clear, structured data model of the network vulnerability security ontology. Then, a distributed crawler framework was designed that uses the classification names as keywords for subtask distribution, enabling the efficient crawling of instance data.

(2) The paper proposes a data sharding mixed instance matching method based on an improved BM25 algorithm. Adding hundreds of thousands or even more instance data to the ontology manually is very time-consuming and prone to errors. Therefore, instance matching methods have become key to solving this problem. Instance matching methods need to accurately identify and match instance data in a given ontology to achieve data integration. To address these issues, this article proposes a data sharding mixed instance matching method based on an improved BM25 algorithm. Combining the characteristics of instance data, different weights are assigned as position factors according to where the search keywords appear in the search documents. At the same time, through a BERT model pre-trained in the field of network security, the search keywords, search documents, and related documents are vectorized, and their similarity is calculated and weighted as a relevance similarity factor. Then, the position factor and the relevance similarity factor are introduced into the BM25 algorithm model, which improves the accuracy of instance matching. In addition, during the instance matching process, data sharding is performed based on the number of ontology copies, and the improved BM25 retrieval algorithm is used for parallel instance matching, which improves the efficiency of instance matching. Finally, a knowledge graph of network vulnerability security is formed.

(3) Based on knowledge inference, analysis methods for network vulnerability security situation awareness were proposed and a vulnerability situation awareness system was constructed. The types and number of network vulnerabilities are increasing rapidly, and attack methods are also constantly evolving, which makes network security defense increasingly challenging. In response to these issues, this article proposes a knowledge inference-based analysis method for network vulnerability security situation awareness. By analyzing the types, propagation, and risks of vulnerabilities, SWRL rules are constructed, and the Pellet reasoning engine is then used for knowledge inference based on the network vulnerability security knowledge graph. This helps security researchers and defenders quickly obtain the latest information and related knowledge about vulnerabilities, improving the timeliness of network security defense. Finally, a vulnerability situation awareness system was designed and implemented based on knowledge inference to improve the efficiency of vulnerability discovery and prevention.
Keywords/Search Tags: Protégé, ontology construction, Instance matching, Knowledge reasoning, System