| With the rapid development of information technology,network security issues are becoming increasingly serious,and the number of security vulnerabilities continues to grow.Traditional vulnerability information organization and management methods rely on various vulnerability information databases or platforms distributed at home and abroad,making it difficult for researchers to obtain sufficient vulnerability information to patch security vulnerabilities.Currently,a large amount of research on software vulnerabilities focuses on the vulnerability information itself,paying less attention to the logical system between vulnerabilities and the mutual connections between vulnerabilities and related papers.To address these issues,this paper designs and develops a vulnerability domain knowledge graph system that can help users collect vulnerability information and clearly display the relationships between vulnerabilities and papers.This paper first collects vulnerability information and related domain papers from the internet,and performs knowledge extraction on the collected vulnerability and paper information to construct a vulnerability domain knowledge graph.To improve the accuracy of knowledge extraction,this paper constructs an ERNIE+BILSTM+CRF entity recognition model and uses this model to extract entities from the descriptive text of vulnerability attributes,ensuring that the knowledge graph contains vulnerability information,related paper information,and attribute relationships.The vulnerability domain knowledge graph system frontend uses the vue.js framework,and the backend uses the springboot and flask frameworks,combined with the Mysql database and Neo4 j graph database.The main work of this paper is divided into the following three aspects:(1)Design and construct the vulnerability domain knowledge ontology,define the entity-relationship attributes of the ontology,and extract structured vulnerability information and paper data based on the required entities for the vulnerability domain knowledge ontology.Use the extracted entities to construct a vulnerability domain knowledge graph and connect different entities through previously designed relationships.(2)Considering that entities in the vulnerability domain are composed of a mixture of Chinese and English,this paper proposes an ERNIE+BILSTM+CRF entity recognition model that combines the ERNIE pre-training model,which has stronger Chinese semantic information extraction capabilities,with the BILSTM model and CRF model,and verifies the effectiveness of the model for Chinese and English entity recognition through experiments.(3)Design and implement the vulnerability domain knowledge graph system.The system includes four modules: knowledge collection,information management,graph updates,and graph queries.It realizes automatic collection of vulnerability information sources,automatic filtering of vulnerability and paper information,and automatic synchronization of vulnerability information changes to the vulnerability domain knowledge graph. |
PDF Full Text Request