With the popularization of the Internet, network attacks have become an important security issue that restricts the Internet's development. As attack tools and methods have grown more sophisticated, malicious network intrusions have evolved from single, simple operations into complex multi-step attacks. Network attacks are complex, concealed, and distributed, so traditional network security devices face increasing challenges in preventing them. Predicting likely attacks and attack paths before an attack occurs therefore helps defenders prepare in advance against potential attacks and reduce losses. One important approach predicts attacks from network asset information and vulnerability information and assembles them into attack paths. However, these data are multi-source and heterogeneous, large in magnitude, and difficult to integrate across dimensions, so they are easily underused during attack prediction, which lowers prediction accuracy. In response to these issues, this paper studies node feature re-representation methods and interpretable attack path prediction methods based on a network attack knowledge graph. First, a knowledge graph is used to fuse data from three dimensions: assets, vulnerabilities, and attacks. Then, a graph attention mechanism is used to re-represent asset nodes for knowledge graph inference and attack prediction, forming an attack path. The research work of this paper mainly includes the following three points:

(1) To solve the problem that attack prediction cannot be carried out when semantic information for the attack dimension is missing, this paper first collects a large amount of vulnerability-related and attack-related text data, then combines a variety of previous research methods to apply word embedding to the text data, and constructs a joint embedding space of the vulnerability domain and the attack domain from the word embedding results. Finally, based on the joint embedding space, the relevant attack techniques are classified to correlate vulnerabilities with attack techniques, thereby introducing attack dimension information. The experimental results show that the proposed method has an accuracy rate of 94.53% and a recall rate of 95.78% for attack technique classification tasks on the collected dataset containing 74230 vulnerability reports and 42000 threat reports. This indicates that the method proposed in this paper is effective.

(2) In response to the problems of multi-source heterogeneity, large magnitude, and difficulty in integrating data across dimensions, this paper introduces a knowledge graph to integrate data from three dimensions: assets, vulnerabilities, and attacks. By obtaining, organizing, and analyzing data, and by using the relationships between the three dimensions, a network attack knowledge graph is constructed to support subsequent attack prediction and attack path generation. The experimental results show that applying four knowledge graph inference algorithms to the knowledge graph can infer the "attack" relationship between entities, and the average inference completeness rate for the "attack" relationship is 92.30%. This indicates that the knowledge graph constructed in this paper supports the inference of the "attack" relationship.

(3) In response to the problems that information is difficult to use effectively and that attack prediction accuracy is low because of large data magnitudes, this paper introduces a graph attention mechanism to identify the important vulnerability information in devices and so explain attack prediction results. At the same time, the graph attention mechanism is used to bring neighboring information into nodes for node feature re-representation, making full use of node association information and improving attack prediction accuracy. In addition, this paper also designs an attack path prediction algorithm to achieve network attack path prediction. The experimental results show that the method proposed in this paper has an inference accuracy of 81.00% and a recall rate of 81.67% in the "attack" relationship inference task on the constructed knowledge graph, which is superior to the performance of several benchmark models.