
      Uncovering multi-step attacks with threat knowledge graph reasoning


Abstract

The rapid advancement of information technologies has significantly intensified the focus on cyberspace security across various sectors. In this evolving landscape, attackers deploy many techniques, including exploits, weakness identification, and complex multi-step attacks, to gain unauthorized access to systems. Conversely, defenders harness insights from a variety of sources to pinpoint potential threats. Prominent public cybersecurity databases such as the Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK), Common Attack Pattern Enumeration and Classification (CAPEC), Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Platform Enumeration (CPE) provide extensive data on security entities and their interrelations, playing a pivotal role in enriching the understanding of cybersecurity challenges and assisting in comprehensive defensive analyses. However, the semantic cross-analysis of these databases, crucial for identifying obscure threat patterns, remains underexploited. In this study, we amalgamate data from these disparate sources into a cohesive threat knowledge graph and introduce a novel knowledge representation learning approach, A4CKGE (ATT&CK-CAPEC-CWE-CVE-CPE Knowledge Graph Embedding). This method utilizes advanced structural and textual analytics to predict interactions among security entities such as products, vulnerabilities, weaknesses, and multi-step attack sequences, employing complex attack templates generated through a Large Language Model (LLM). Our extensive experiments demonstrate that this approach significantly outperforms existing state-of-the-art methods in effectively predicting these relationships. The findings validate the efficacy of our threat knowledge graph in unveiling hidden connections, thereby highlighting its potential to strengthen cybersecurity defenses substantially.

Most cited references (20)

          Knowledge Graph Embedding: A Survey of Approaches and Applications


            A Survey on Knowledge Graphs: Representation, Acquisition, and Applications

            Human knowledge provides a formal understanding of the world. Knowledge graphs that represent structural relations between entities have become an increasingly popular research direction toward cognition and human-level intelligence. In this survey, we provide a comprehensive review of the knowledge graph covering overall research topics about: 1) knowledge graph representation learning; 2) knowledge acquisition and completion; 3) temporal knowledge graph; and 4) knowledge-aware applications and summarize recent breakthroughs and perspective directions to facilitate future research. We propose a full-view categorization and new taxonomies on these topics. Knowledge graph embedding is organized from four aspects of representation space, scoring function, encoding models, and auxiliary information. For knowledge acquisition, especially knowledge graph completion, embedding methods, path inference, and logical rule reasoning are reviewed. We further explore several emerging topics, including metarelational learning, commonsense reasoning, and temporal knowledge graphs. To facilitate future research on knowledge graphs, we also provide a curated collection of data sets and open-source libraries on different tasks. In the end, we have a thorough outlook on several promising research directions.

              Knowledge Graph Embedding by Translating on Hyperplanes

              We deal with embedding a large scale knowledge graph composed of entities and relations into a continuous vector space. TransE is a promising method proposed recently, which is very efficient while achieving state-of-the-art predictive performance. We discuss some mapping properties of relations which should be considered in embedding, such as reflexive, one-to-many, many-to-one, and many-to-many. We note that TransE does not do well in dealing with these properties. Some complex models are capable of preserving these mapping properties but sacrifice efficiency in the process. To make a good trade-off between model capacity and efficiency, in this paper we propose TransH which models a relation as a hyperplane together with a translation operation on it. In this way, we can well preserve the above mapping properties of relations with almost the same model complexity of TransE. Additionally, as a practical knowledge graph is often far from completed, how to construct negative examples to reduce false negative labels in training is very important. Utilizing the one-to-many/many-to-one mapping property of a relation, we propose a simple trick to reduce the possibility of false negative labeling. We conduct extensive experiments on link prediction, triplet classification and fact extraction on benchmark datasets like WordNet and Freebase. Experiments show TransH delivers significant improvements over TransE on predictive accuracy with comparable capability to scale up.

Author and article information

Journal: Security and Safety (sands), https://sands.edpsciences.org
Publisher: EDP Sciences and CSPM
ISSN: 2826-1275
Publication dates: 04 March 2025; 25 February 2025; 2025
Volume: 4
Issue (publisher ID): sands/2025/01
Article number: 2024019

Affiliations
[1] Peng Cheng Laboratory, Shenzhen, 518000, China
[2] CHN Energy, Beijing, 100000, China
[3] University of Electronic Science and Technology of China, Shenzhen, 518110, China
[4] Harbin Institute of Technology (Shenzhen), Shenzhen, 518055, China

Author notes
[*] Corresponding author (email: guzhaoquan@hit.edu.cn)

Article
Article ID: sands20240007
DOI: 10.1051/sands/2024019
Record ID: 7109223f-6eff-4434-b5d3-37cb6323128f
© The Author(s) 2025. Published by EDP Sciences and China Science Publishing & Media Ltd.

This is an Open Access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

History: 29 April 2024; 25 October 2024; 29 October 2024

Page count: Figures: 3, Tables: 8, Equations: 12, References: 30, Pages: 19

Funding
Funded by: Peng Cheng Laboratory, http://dx.doi.org/10.13039/100018919
Award ID: Major Key Project of PCL (Grant No. PCL2024A05)

Categories: Research Article
Other fields: Security and Safety in Network Simulation and Evaluation
Citation: Security and Safety, Vol. 4, 2024019 (2025)

Keywords: Knowledge graph reasoning, Security database, Knowledge graph embedding
