Next-Generation Security Entity Linkage: Harnessing the Power of Knowledge Graphs and Large Language
Page 150
Abstract
With the continuous increase in reported Common Vulnerabilities and Exposures (CVEs), security teams are overwhelmed by vast amounts of data, which are often analyzed manually, leading to a slow and inefficient process. To address cybersecurity threats effectively, it is essential to establish connections across multiple security entity databases, including CVEs, Common Weakness Enumeration (CWEs), and Common Attack Pattern Enumeration and Classification (CAPECs). In this study, we introduce a new approach that leverages the RotatE [4] knowledge graph embedding model, initialized with embeddings from Ada language model developed by OpenAI [3]. Additionally, we extend this approach by initializing the embeddings for the relations.
References
[1]
Tomás Mikolov, Kai Chen, Greg Corrado, and Jeffrey Dean. 2013. Efficient Estimation of Word Representations in Vector Space. In 1st International Conference on Learning Representations, ICLR 2013. http://arxiv.org/abs/1301.3781
[2]
MITRE. 1999. CVE. https://cve.mitre.org
[3]
OpenAI. 2022. Ada Embedding. https://openai.com/blog/new-and-improved-embedding-model
[4]
Zhiqing Sun, Zhi-Hong Deng, Jian-Yun Nie, and Jian Tang. 2019. RotatE: Knowledge Graph Embedding by Relational Rotation in Complex Space. CoRR abs/1902.10197 (2019). arXiv:1902.10197
[5]
Hongbo Xiao, Zhenchang Xing, Xiaohong Li, and Hao Guo. 2019. Embedding and Predicting Software Security Entity Relationships: A Knowledge Graph Based Approach. In Neural Information Processing. Springer International Publishing, Cham, 50--63.
[6]
Liu Yuan, Yude Bai, Zhenchang Xing, Sen Chen, Xiaohong Li, and Zhidong Deng. 2021. Predicting Entity Relations across Different Security Databases by Using Graph Attention Network. In 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC). 834--843.
Index Terms
- Next-Generation Security Entity Linkage: Harnessing the Power of Knowledge Graphs and Large Language
Recommendations
ThreatZoom: neural network for automated vulnerability mitigation
HotSoS '19: Proceedings of the 6th Annual Symposium on Hot Topics in the Science of SecurityIncreasing the variety and quantity of cyber threats becoming the evident that traditional human-in-loop approaches are no longer sufficient to keep systems safe. To address this momentous moot point, forward-thinking pioneers propose new cyber security ...
Vulnerability Detection for software-intensive system
EASE '24: Proceedings of the 28th International Conference on Evaluation and Assessment in Software EngineeringCyberattacks are becoming more sophisticated, and organizations are constantly under threat from various types of security breaches. To protect against these threats, it is essential to identify the vulnerability and impact of these weaknesses and ...
On the Usage of NLP on CVE Descriptions for Calculating Risk
Computer Security. ESORICS 2023 International WorkshopsAbstractIn order to conduct a risk analysis on an ecosystem the potential threats to its assets must first be identified. The Risk Modelling Tool (RMT) of the CitySCAPE Project uses CWE - CAPEC - threat relationships that were mapped for identifying the ...
Comments
Information & Contributors
Information
Published In
June 2023
168 pages
ISBN:9781450399623
DOI:10.1145/3579370
- Chair:
- Yosef Moatti,
- General Chair:
- Ofer Biran,
- Program Chairs:
- Yossi Gilad,
- Dejan Kostic
Copyright © 2023 Owner/Author(s).
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the owner/author(s).
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 22 June 2023
Check for updates
Author Tags
Qualifiers
- Extended-abstract
Conference
SYSTOR '23
Sponsor:
Acceptance Rates
SYSTOR '23 Paper Acceptance Rate 12 of 30 submissions, 40%;
Overall Acceptance Rate 94 of 285 submissions, 33%
Upcoming Conference
SYSTOR '24
- Sponsor:
- sigops
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 82Total Downloads
- Downloads (Last 12 months)65
- Downloads (Last 6 weeks)4
Reflects downloads up to 18 Aug 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in