Knowledge-Driven Cybersecurity intelligence: Software Vulnerability Co-exploitation Behaviour Discovery

Co-exploitation behaviour, referring to multiple software vulnerabilities being exploited jointly by one or more exploits, brings enormous challenges to the prevention and remediation of cyber-attacks. Leveraging the latest advances in graph-driven intelligence, this paper formulates vulnerability co-exploitation behaviour discovery as a link prediction problem between vulnerability entities within a vulnerability knowledge graph. We propose a Modality-Aware Graph Convolutional Network (MAGCN) module to embed multi-modality entity attributes and topological graph connectivity features into a unified lower-dimensional feature space to boost link prediction performance. We further design a Graph Knowledge Transfer Learning (GKTL) strategy to transfer knowledge between subgraphs extracted from the same knowledge graph. Experimental results on a real-world dataset containing co-exploitation incidents between 1995 and 2021 show that MAGCN achieved 81.34% on the F1 score when applying the GKTL strategy, superior to other graph neural network modules, such as GCN, GraphSAGE, EdgeGCN and GINGCN.