网络与信息安全学报 (Feb 2022)
Prediction method of 0day attack path based on cyber defense knowledge graph
Abstract
To solve the difficulty of attack detection caused by the 0day vulnerability, a prediction method of 0day attack path based on cyber defense knowledge graph was proposed. The cyber defense knowledge graph was constructed to refine the discrete security data such as threat, vulnerability and asset into the complete and high-related knowledge format by extracting concepts and entities related to network attack from cyber security ontology research finds and databases. Based on the knowledge integrated by the knowledge graph, assumed and restricted the unknown attributes such as the existence, availability and harmfulness of 0day vulnerabilities, and model the concept of "attack" as a relationship between attacker entities and device entities in the knowledge graph to transform the attack prediction to the link prediction of knowledge graph. According to this, apply path ranking algorithm was applied to mine the potential 0day attack in the target system and construct the 0day attack graph. Predicted the 0day attack path by utilizing the scores output by classifiers as the occurrence probabilities of single step attack and computing the occurrence probabilities of different attack paths. The experimental result shows that with the help of complete knowledge system provided by knowledge graph, the proposed method can reduce the dependence of prediction analysis on expert model and overcome the bad influence of 0day vulnerability to improve the accuracy of 0day attack prediction. And utilizing the characteristic that path ranking algorithm reasons based on the structure of graph can also help to backtrack the reasons of predicting results so as to improve the explainability of predicting.
Keywords