extended-abstract

Next-Generation Security Entity Linkage: Harnessing the Power of Knowledge Graphs and Large Language

Authors:

Daniel Alfasi,

Tal Shapira,

Anat Bremler-BarrAuthors Info & Claims

SYSTOR '23: Proceedings of the 16th ACM International Conference on Systems and Storage

Page 150

https://doi.org/10.1145/3579370.3594759

Published: 22 June 2023 Publication History

Get Access

Abstract

With the continuous increase in reported Common Vulnerabilities and Exposures (CVEs), security teams are overwhelmed by vast amounts of data, which are often analyzed manually, leading to a slow and inefficient process. To address cybersecurity threats effectively, it is essential to establish connections across multiple security entity databases, including CVEs, Common Weakness Enumeration (CWEs), and Common Attack Pattern Enumeration and Classification (CAPECs). In this study, we introduce a new approach that leverages the RotatE [4] knowledge graph embedding model, initialized with embeddings from Ada language model developed by OpenAI [3]. Additionally, we extend this approach by initializing the embeddings for the relations.

References

[1]

Tomás Mikolov, Kai Chen, Greg Corrado, and Jeffrey Dean. 2013. Efficient Estimation of Word Representations in Vector Space. In 1st International Conference on Learning Representations, ICLR 2013. http://arxiv.org/abs/1301.3781

Google Scholar

[2]

MITRE. 1999. CVE. https://cve.mitre.org

Google Scholar

[3]

OpenAI. 2022. Ada Embedding. https://openai.com/blog/new-and-improved-embedding-model

Google Scholar

[4]

Zhiqing Sun, Zhi-Hong Deng, Jian-Yun Nie, and Jian Tang. 2019. RotatE: Knowledge Graph Embedding by Relational Rotation in Complex Space. CoRR abs/1902.10197 (2019). arXiv:1902.10197

Google Scholar

[5]

Hongbo Xiao, Zhenchang Xing, Xiaohong Li, and Hao Guo. 2019. Embedding and Predicting Software Security Entity Relationships: A Knowledge Graph Based Approach. In Neural Information Processing. Springer International Publishing, Cham, 50--63.

Google Scholar

[6]

Liu Yuan, Yude Bai, Zhenchang Xing, Sen Chen, Xiaohong Li, and Zhidong Deng. 2021. Predicting Entity Relations across Different Security Databases by Using Graph Attention Network. In 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC). 834--843.

Google Scholar

Index Terms

Next-Generation Security Entity Linkage: Harnessing the Power of Knowledge Graphs and Large Language
1. Security and privacy
  1. Systems security
    1. Vulnerability management

Recommendations

ThreatZoom: neural network for automated vulnerability mitigation
HotSoS '19: Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security

Increasing the variety and quantity of cyber threats becoming the evident that traditional human-in-loop approaches are no longer sufficient to keep systems safe. To address this momentous moot point, forward-thinking pioneers propose new cyber security ...
Vulnerability Detection for software-intensive system
EASE '24: Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering

Cyberattacks are becoming more sophisticated, and organizations are constantly under threat from various types of security breaches. To protect against these threats, it is essential to identify the vulnerability and impact of these weaknesses and ...
On the Usage of NLP on CVE Descriptions for Calculating Risk
Computer Security. ESORICS 2023 International Workshops
Abstract
In order to conduct a risk analysis on an ecosystem the potential threats to its assets must first be identified. The Risk Modelling Tool (RMT) of the CitySCAPE Project uses CWE - CAPEC - threat relationships that were mapped for identifying the ...

Comments

Information & Contributors

Information

Published In

SYSTOR '23: Proceedings of the 16th ACM International Conference on Systems and Storage

June 2023

168 pages

ISBN:9781450399623

DOI:10.1145/3579370

Chair:
Yosef Moatti,
General Chair:
Ofer Biran
IBM Research - Haifa, Israel
,
Program Chairs:
Yossi Gilad
Hebrew University of Jerusalem, Israel
,
Dejan Kostic
KTH Royal Institute of Technology, Sweden

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the owner/author(s).

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 June 2023

Check for updates

Author Tags

Qualifiers

Extended-abstract

Conference

SYSTOR '23

Sponsor:

SIGOPS

SYSTOR '23: 16th ACM International Conference on Systems and Storage

June 5 - 7, 2023

Haifa, Israel

Acceptance Rates

SYSTOR '23 Paper Acceptance Rate 12 of 30 submissions, 40%;

Overall Acceptance Rate 108 of 323 submissions, 33%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
89
Total Downloads

Downloads (Last 12 months)44
Downloads (Last 6 weeks)3

Reflects downloads up to 25 Dec 2024

Other Metrics

View Author Metrics

Citations

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Index Terms

Recommendations

ThreatZoom: neural network for automated vulnerability mitigation

Vulnerability Detection for software-intensive system

On the Usage of NLP on CVE Descriptions for Calculating Risk

Comments

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Login options

Full Access

PDF

eReader

Abstract

References

Index Terms

Recommendations

ThreatZoom: neural network for automated vulnerability mitigation

Vulnerability Detection for software-intensive system

On the Usage of NLP on CVE Descriptions for Calculating Risk

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations