Construction And Application Of Industrial Control Network Security Knowledge Graph

Industrial control systems involve a number of key infrastructure,once attacked,will cause heavy economic losses.However,industrial control system is relatively closed without sufficient internal data support and the ability to deal with external threats,in addition,traditional cybersecurity analysis methods have certain limitations,which can only predict known attacks,but cannot predict unknown attacks.In order to improve the ability of security analysis for industrial control system,this paper proposes a data-driven security analysis framework for industrial control system,and conducts research on the two key tasks of the construction and application of cybersecurity knowledge graph for industrial control system.Aiming at the problem of the lack of data support for security analysis of industrial control system,this paper converts the massive and heterogeneous open source cybersecurity corpus in the Internet into structured knowledge,and integrates it with the structure of industrial control system to build cybersecurity knowledge graph for industrial control system,and so the construction technology of knowledge graph was carried out in this paper.Firstly,the ontology structure of the cybersecurity knowledge graph for industrial control system is defined,involving the three dimensions of asset,scenario,and vulnerability,the data of the dimensions of vulnerability and scenario are further analyzed,and the relation extraction model based on Res PCNN-ATT is used to extract the relation of entities.The external security intelligence knowledge of the industrial control system scenario is merged with the structure of industrial control system to obtain the cybersecurity knowledge graph for industrial control system,and then the graph database Neo4 j is used to store and visualize the knowledge graph.The knowledge graph provides a structured data source for security analysis of industrial control system,enhances the ability of industrial control system to deal with external threats,and facilitates security analysis and visualization of industrial control system.Further in view of the traditional cybersecurity analysis method can’t predict the unknown attacks,in this paper,the cybersecurity analysis task is transformed into the downstream tasks of knowledge graph,and an application analysis framework of cybersecurity of industrial control system based on knowledge graph completion is proposed.Use knowledge graph completion to mine hidden vulnerabilities,predict unknown threats,and complete the data basis for cybersecurity analysis of industrial control system,further define the association rules of CWE chain,by analyzing the statistical relations between CWE entity pairs and assets in knowledge graph,the hidden CWE chain in the industrial control system is further dug out to assist the cybersecurity analysis and decision-making for industrial control system.Aiming at the task of knowledge graph completion,this paper introduces the semantic information of the entity description of vulnerabilities,and proposes a knowledge graph completion framework that integrates the entity description.In this paper,a gate control unit is set to control the fusion of the entity and the entity description,and the gate control unit is extended to the Conv E and Dist Mult models that only consider the graph structure,which improves the effect of cybersecurity entity and relation prediction for industrial control system.