Knowledge-Driven Cybersecurity intelligence: Software Vulnerability Coexploitation Behavior Discovery

Jiao Yin; Ming Jian Tang; Jinli Cao; Mingshan You; Hua Wang; Mamoun Alazab

doi:10.1109/TII.2022.3192027

Knowledge-Driven Cybersecurity intelligence: Software Vulnerability Coexploitation Behavior Discovery

Jiao Yin, Ming Jian Tang, Jinli Cao, Mingshan You, Hua Wang, Mamoun Alazab

Research output: Contribution to journal › Article › peer-review

29 Downloads (Pure)

Abstract

Coexploitation behavior, referring to multiple software vulnerabilities being exploited jointly by one or more exploits, brings enormous challenges to the prevention and remediation of cyberattacks. Leveraging the latest advances in graph-driven intelligence, this article formulates vulnerability coexploitation behavior discovery as a link prediction problem between vulnerability entities within a vulnerability knowledge graph. We propose a modality-aware graph convolutional network (MAGCN) module to embed multimodality entity attributes and topological graph connectivity features into a unified lower dimensional feature space to boost link prediction performance. We further design a graph knowledge transfer learning (GKTL) strategy to transfer knowledge between subgraphs extracted from the same knowledge graph. Experimental results on a real-world dataset containing coexploitation incidents between 1995 and 2021 show that MAGCN achieved 81.34% on the F1 score when applying the GKTL strategy, superior to other graph neural network modules, such as GCN, GraphSAGE, EdgeGCN, and GINGCN.

Original language	English
Pages (from-to)	5593-5601
Number of pages	9
Journal	IEEE Transactions on Industrial Informatics
Volume	19
Issue number	4
Early online date	2022
DOIs	https://doi.org/10.1109/TII.2022.3192027
Publication status	Published - 1 Apr 2023

Access to Document

10.1109/TII.2022.3192027

59659577-oaAccepted author manuscript, 3.28 MBLicence: Unspecified

Cite this

@article{d22c4524784743749bb658fb7931e2dd,

title = "Knowledge-Driven Cybersecurity intelligence: Software Vulnerability Coexploitation Behavior Discovery",

abstract = "Coexploitation behavior, referring to multiple software vulnerabilities being exploited jointly by one or more exploits, brings enormous challenges to the prevention and remediation of cyberattacks. Leveraging the latest advances in graph-driven intelligence, this article formulates vulnerability coexploitation behavior discovery as a link prediction problem between vulnerability entities within a vulnerability knowledge graph. We propose a modality-aware graph convolutional network (MAGCN) module to embed multimodality entity attributes and topological graph connectivity features into a unified lower dimensional feature space to boost link prediction performance. We further design a graph knowledge transfer learning (GKTL) strategy to transfer knowledge between subgraphs extracted from the same knowledge graph. Experimental results on a real-world dataset containing coexploitation incidents between 1995 and 2021 show that MAGCN achieved 81.34% on the F1 score when applying the GKTL strategy, superior to other graph neural network modules, such as GCN, GraphSAGE, EdgeGCN, and GINGCN.",

keywords = "Australia, Co-exploitation discovery, Computer security, Feature extraction, graph embedding, Industries, Informatics, knowledge graph, link prediction, Software, Task analysis, transfer learning, knowledge graph (KG), Coexploitation discovery",

author = "Jiao Yin and Tang, {Ming Jian} and Jinli Cao and Mingshan You and Hua Wang and Mamoun Alazab",

note = "Funding Information: SHL has received a research grant from the National Research Laboratory Program through the National Research Foundation of Korea funded by the Ministry of Science, ICT and Future Planning (number 2011-0027928). JHL, KSP, AMK, and CRL declare no competing interests. Publisher Copyright: {\textcopyright} 2005-2012 IEEE.",

year = "2023",

month = apr,

day = "1",

doi = "10.1109/TII.2022.3192027",

language = "English",

volume = "19",

pages = "5593--5601",

journal = "IEEE Transactions on Industrial Informatics",

issn = "1551-3203",

publisher = "IEEE Computer Society",

number = "4",

}

TY - JOUR

T1 - Knowledge-Driven Cybersecurity intelligence

T2 - Software Vulnerability Coexploitation Behavior Discovery

AU - Yin, Jiao

AU - Tang, Ming Jian

AU - Cao, Jinli

AU - You, Mingshan

AU - Wang, Hua

AU - Alazab, Mamoun

N1 - Funding Information: SHL has received a research grant from the National Research Laboratory Program through the National Research Foundation of Korea funded by the Ministry of Science, ICT and Future Planning (number 2011-0027928). JHL, KSP, AMK, and CRL declare no competing interests. Publisher Copyright: © 2005-2012 IEEE.

PY - 2023/4/1

Y1 - 2023/4/1

N2 - Coexploitation behavior, referring to multiple software vulnerabilities being exploited jointly by one or more exploits, brings enormous challenges to the prevention and remediation of cyberattacks. Leveraging the latest advances in graph-driven intelligence, this article formulates vulnerability coexploitation behavior discovery as a link prediction problem between vulnerability entities within a vulnerability knowledge graph. We propose a modality-aware graph convolutional network (MAGCN) module to embed multimodality entity attributes and topological graph connectivity features into a unified lower dimensional feature space to boost link prediction performance. We further design a graph knowledge transfer learning (GKTL) strategy to transfer knowledge between subgraphs extracted from the same knowledge graph. Experimental results on a real-world dataset containing coexploitation incidents between 1995 and 2021 show that MAGCN achieved 81.34% on the F1 score when applying the GKTL strategy, superior to other graph neural network modules, such as GCN, GraphSAGE, EdgeGCN, and GINGCN.

AB - Coexploitation behavior, referring to multiple software vulnerabilities being exploited jointly by one or more exploits, brings enormous challenges to the prevention and remediation of cyberattacks. Leveraging the latest advances in graph-driven intelligence, this article formulates vulnerability coexploitation behavior discovery as a link prediction problem between vulnerability entities within a vulnerability knowledge graph. We propose a modality-aware graph convolutional network (MAGCN) module to embed multimodality entity attributes and topological graph connectivity features into a unified lower dimensional feature space to boost link prediction performance. We further design a graph knowledge transfer learning (GKTL) strategy to transfer knowledge between subgraphs extracted from the same knowledge graph. Experimental results on a real-world dataset containing coexploitation incidents between 1995 and 2021 show that MAGCN achieved 81.34% on the F1 score when applying the GKTL strategy, superior to other graph neural network modules, such as GCN, GraphSAGE, EdgeGCN, and GINGCN.

KW - Australia

KW - Co-exploitation discovery

KW - Computer security

KW - Feature extraction

KW - graph embedding

KW - Industries

KW - Informatics

KW - knowledge graph

KW - link prediction

KW - Software

KW - Task analysis

KW - transfer learning

KW - knowledge graph (KG)

KW - Coexploitation discovery

UR - http://www.scopus.com/inward/record.url?scp=85135205750&partnerID=8YFLogxK

U2 - 10.1109/TII.2022.3192027

DO - 10.1109/TII.2022.3192027

M3 - Article

AN - SCOPUS:85135205750

SN - 1551-3203

VL - 19

SP - 5593

EP - 5601

JO - IEEE Transactions on Industrial Informatics

JF - IEEE Transactions on Industrial Informatics

IS - 4

ER -

Knowledge-Driven Cybersecurity intelligence: Software Vulnerability Coexploitation Behavior Discovery

Abstract

Access to Document

Other files and links

Fingerprint

Cite this