In recent years, information technology has advanced by leaps and bounds. Advanced Persistent Threat (APT) network attacks increasingly threaten the network environment and seriously affect the safe use of computers. APT attacks are also developing in a new direction: the degree of automation and the attack speed are gradually increasing, and attack actions are changeable and elusive, exhausting the security experts who must analyze and respond to them. Traditional Internet information retrieval lacks timeliness and accuracy in obtaining information and cannot meet the needs of people in the information age. At the same time, a large amount of useful security information, such as security knowledge bases, vulnerability databases, security blogs, and threat information bases, is fragmented and scattered across the Internet. This security knowledge is not properly integrated and utilized, and it is difficult to provide security personnel with fast and effective knowledge support.

This thesis uses knowledge mining technology to organize the multi-source heterogeneous cyber security threat data that exists on the Internet, uses knowledge graph construction technology to manage and express this information, and completes the knowledge graph through knowledge reasoning. Finally, APT attack threat analysis is conducted on the basis of the knowledge graph. The specific research contents are as follows:

(1) Knowledge extraction from multi-source heterogeneous cyber security threat data. For semi-structured cyber security data, the structural characteristics of semi-structured Web pages are analyzed and an overall framework for Web page information extraction is given. For unstructured cyber security data, a BiLSTM-CRF neural network model is used to realize the joint extraction of entities and entity relationships.

(2) Entity alignment. Because entities obtained by knowledge extraction may be redundant or erroneous, this thesis studies an entity alignment method based on string features and semantic features. First, an edit distance similarity function and the Jaccard similarity algorithm are used to measure the string feature of an entity; then a vector space model (VSM) is used to calculate the context semantic feature of the entity's description attribute; finally the two features are combined to obtain the entity similarity. The experimental results are compared with a method based on a text similarity function and a method based on a structure similarity function, and show that our method outperforms both.

(3) Cyber security knowledge graph construction for APT attacks. By analyzing cyber security threat data, the knowledge fields and scopes that require data extraction are determined; a cyber security ontology model is constructed to provide models and standards for the subsequent steps; and a cyber security knowledge graph is built through technologies such as knowledge extraction, knowledge fusion, and knowledge storage.

(4) APT attack threat analysis based on the knowledge graph. First, on the basis of the constructed knowledge graph, a lateral reasoning method for the cyber security knowledge graph is studied to mine and analyze hidden CAPEC chains. Through knowledge reasoning the knowledge graph is supplemented and extended, providing a richer semantic network for the subsequent APT threat analysis based on the knowledge graph. Then, a threat analysis method that integrates multiple indicators is studied: it fuses the vulnerability value, attack success rate, and attack impact assessment indicators to conduct threat analysis on attack paths and generate a threat-assessed attack path, enabling security managers to analyze the severity of threats in the network environment efficiently and quickly.
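The entity alignment step in (2) combines a string feature (edit distance plus Jaccard) with a VSM semantic feature over the description attribute. The following is an added illustration of that combination, not code from the thesis: it implements normalized Levenshtein similarity, token-level Jaccard, a smoothed TF-IDF vector space with cosine similarity, and a weighted sum of the two features. The feature weights (0.5/0.5), the alignment threshold (0.6), the token-level rather than character-level Jaccard, the smoothed IDF, and the three sample entities are all assumptions made for the example; the thesis does not state its own values.

```python
"""Entity alignment by combining string features (edit distance + Jaccard)
with a VSM semantic feature over the entity's description attribute.
Added example; weights, threshold and sample data are assumptions."""
import math
import re
from collections import Counter
from itertools import combinations

# Constructed sample entities: id -> (name, description attribute).
# e1 and e2 describe the same thing with different formatting; e3 is distinct.
ENTITIES = {
    "e1": ("Sample Exploit Kit",
           "exploit kit that delivers a banking trojan through malicious advertisements"),
    "e2": ("sample-exploit-kit",
           "an exploit kit delivering banking trojan payloads via malicious advertisements"),
    "e3": ("Demo Backdoor",
           "backdoor that gives remote shell access to the attacker"),
}


def normalize(s):
    """Lower-case and collapse whitespace so trivial formatting is not a difference."""
    return re.sub(r"\s+", " ", s.strip().lower())


def tokens(s):
    """Alphanumeric tokens; punctuation such as '-' acts as a separator."""
    return re.findall(r"[a-z0-9]+", s.lower())


def edit_distance(a, b):
    """Levenshtein distance computed with a single-row dynamic programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def edit_similarity(a, b):
    """1 - normalized edit distance, in [0, 1]."""
    a, b = normalize(a), normalize(b)
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1.0 - edit_distance(a, b) / longest


def jaccard_similarity(a, b):
    """Jaccard index over the token sets of the two strings."""
    sa, sb = set(tokens(a)), set(tokens(b))
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


def string_feature(name_a, name_b, alpha=0.5):
    """Weighted mix of the two string measures (alpha is an assumed weight)."""
    return alpha * edit_similarity(name_a, name_b) + (1 - alpha) * jaccard_similarity(name_a, name_b)


def tfidf_vectors(docs):
    """VSM: one smoothed TF-IDF vector per description, IDF computed over all descriptions."""
    n = len(docs)
    df = Counter()
    for d in docs:
        df.update(set(tokens(d)))
    idf = {t: math.log((1 + n) / (1 + c)) + 1 for t, c in df.items()}
    return [{t: c * idf[t] for t, c in Counter(tokens(d)).items()} for d in docs]


def cosine(u, v):
    """Cosine similarity of two sparse vectors; 0 when either vector is empty."""
    dot = sum(w * v.get(t, 0.0) for t, w in u.items())
    nu = math.sqrt(sum(w * w for w in u.values()))
    nv = math.sqrt(sum(w * w for w in v.values()))
    return 0.0 if nu == 0 or nv == 0 else dot / (nu * nv)


def semantic_matrix(entities):
    """Pairwise cosine similarity of description attributes, keyed by (id, id)."""
    ids = list(entities)
    vecs = tfidf_vectors([entities[i][1] for i in ids])
    return {(a, b): cosine(vecs[i], vecs[j])
            for i, a in enumerate(ids) for j, b in enumerate(ids)}


def entity_similarity(entities, a, b, w_string=0.5, w_semantic=0.5, sem=None):
    """Final similarity = w_string * string feature + w_semantic * semantic feature."""
    sem = sem if sem is not None else semantic_matrix(entities)
    return (w_string * string_feature(entities[a][0], entities[b][0])
            + w_semantic * sem[(a, b)])


def align_entities(entities, threshold=0.6):
    """Candidate duplicate pairs whose combined similarity meets the (assumed) threshold."""
    sem = semantic_matrix(entities)
    return [(a, b) for a, b in combinations(entities, 2)
            if entity_similarity(entities, a, b, sem=sem) >= threshold]


if __name__ == "__main__":
    for pair in align_entities(ENTITIES):
        print("align", pair, round(entity_similarity(ENTITIES, *pair), 3))
```

On the sample data the string feature alone already separates e1 from e2 strongly (same tokens, two differing characters), while the semantic feature adds a moderate cosine score from the shared description vocabulary; a pair such as e1 and e3, with no shared name tokens and almost no shared description terms, stays well below the threshold. In practice the weights and threshold would be tuned against a labelled set of known duplicates.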