Network attack detection method based on knowledge graph and taint propagation

黄明义 邹福泰 周纸墨 张亮

网络与信息安全学报 (Chinese Journal of Network and Information Security), 2025, Vol. 11, Issue (1): 151-164, 14. DOI: 10.11959/j.issn.2096-109x.2025011

Network attack detection method based on knowledge graph and taint propagation

黄明义 (1), 邹福泰 (1), 周纸墨 (1), 张亮 (2)

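Author information

  • 1. School of Cyberspace Security, Shanghai Jiao Tong University, Shanghai 200240
  • 2. East China Branch of State Grid Corporation of China, Shanghai 200120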

Abstract

With the rapid development of computer and network communication technologies, research on network attack detection in the context of big data has increasingly gained attention. Although machine learning techniques have achieved promising results in this field, issues related to dataset labeling and training have remained challenging. Traditional belief propagation algorithms, while widely used in graph-based attack detection, lacked the distinction between node and edge types and performed inadequately in scenarios where malicious nodes were far fewer than benign nodes. To address these issues, a network attack detection method based on knowledge graphs and taint propagation, referred to as CDTP (community detection and taint propagation), was proposed. In this method, three types of entities (IP addresses, domain names, and files) were defined to establish both direct and indirect relationships between entities, and a knowledge graph was constructed. In a semi-supervised setting, the Louvain community detection algorithm was utilized to partition the knowledge graph and extract subgraphs related to malicious entities. Additionally, a novel taint propagation algorithm was introduced, which inferred the maliciousness score of nodes based on the relationships between entities, thereby effectively detecting malicious and victim entities and visualizing attack paths. Experimental results demonstrate that CDTP outperforms the traditional belief propagation algorithm in both simulated environments and authoritative datasets, showing superior performance. Particularly in scenarios where the number of malicious nodes is small, CDTP effectively detects attacks with significantly higher precision and recall compared to traditional methods. This proves that CDTP exhibits outstanding performance in network attack detection and effectively identifies malicious behaviors in complex network environments, demonstrating considerable superiority in practical applications.

Key words

network attack detection / knowledge graph / community detection / taint propagation

Classification

Information technology and security science

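Cite this article

黄明义, 邹福泰, 周纸墨, 张亮. Network attack detection method based on knowledge graph and taint propagation[J]. 网络与信息安全学报 (Chinese Journal of Network and Information Security), 2025, 11(1): 151-164, 14.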

Funding

The National Natural Science Foundation of China (61831007)

The National Key R&D Program of China (2020YFB1807500)

网络与信息安全学报 (Chinese Journal of Network and Information Security)

ISSN 2096-109X
