
Data recommendation algorithm of network security event based on knowledge graph

祝现威 刘伟 刘自豪 顾泽宇

Chinese Journal of Network and Information Security (网络与信息安全学报), 2023, Vol. 9, Issue (6): 116-126, 11. DOI: 10.11959/j.issn.2096-109x.2023087

祝现威¹, 刘伟¹, 刘自豪¹, 顾泽宇¹

Author information

  • 1. Unit 61660 of the Chinese People's Liberation Army, Beijing 100080

Abstract

To address the difficulty faced by network security operation and maintenance personnel in timely and accurate identification of required data during network security event analysis, a recommendation algorithm based on a knowledge graph for network security events was proposed. The algorithm utilized the network threat framework ATT&CK to construct an ontology model and establish a network threat knowledge graph based on this model. It extracted relevant security data such as attack techniques, vulnerabilities, and defense measures into interconnected security knowledge within the knowledge graph. Entity data was extracted based on the knowledge graph, and entity vectors were obtained using the TransH algorithm. These entity vectors were then used to calculate data similarity between entities in network threat data. Disposal behaviors were extracted from literature on network security event handling and treated as network security data entities. A disposal behavior matrix was constructed, and the behavior matrix enabled the vector representation of network threat data. The similarity of network threat data entities was calculated based on disposal behaviors. Finally, the similarity between network threat data and threat data under network security event handling behavior was fused to generate a data recommendation list for network security events, which established correlations between network threat domains based on user behavior. Experimental results demonstrate that the algorithm performs optimally when the fusion weight α=7 and the recommended data volume K=5, achieving a recall rate of 62.37% and an accuracy rate of 68.23%. By incorporating disposition behavior similarity in addition to data similarity, the algorithm better represents factual disposition behavior. Compared to other algorithms, this algorithm exhibits significant advantages in recall rate and accuracy, particularly when the recommended data volume is less than 10.

Key words

network threat data/network security events/knowledge graph/similarity/event handling behavior/data recommendation

Classification

Information Technology and Security Science

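Cite this article

祝现威, 刘伟, 刘自豪, 顾泽宇. Data recommendation algorithm of network security event based on knowledge graph [J]. Chinese Journal of Network and Information Security, 2023, 9(6): 116-126, 11.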

Chinese Journal of Network and Information Security

OA, CSTPCD

ISSN 2096-109X
