Knowledge-Driven Cybersecurity intelligence: Software Vulnerability Co-exploitation Behaviour Discovery

Jiao Yin, Ming Jian Tang, Jinli Cao, Mingshan You, Hua Wang, Mamoun Alazab

Research output: Contribution to journal › Article › peer-review

Abstract

Co-exploitation behaviour, referring to multiple software vulnerabilities being exploited jointly by one or more exploits, brings enormous challenges to the prevention and remediation of cyber-attacks. Leveraging the latest advances in graph-driven intelligence, this paper formulates vulnerability co-exploitation behaviour discovery as a link prediction problem between vulnerability entities within a vulnerability knowledge graph. We propose a Modality-Aware Graph Convolutional Network (MAGCN) module to embed multi-modality entity attributes and topological graph connectivity features into a unified lower-dimensional feature space to boost link prediction performance. We further design a Graph Knowledge Transfer Learning (GKTL) strategy to transfer knowledge between subgraphs extracted from the same knowledge graph. Experimental results on a real-world dataset containing co-exploitation incidents between 1995 and 2021 show that MAGCN achieved 81.34% on the F1 score when applying the GKTL strategy, superior to other graph neural network modules, such as GCN, GraphSAGE, EdgeGCN and GINGCN.

Original language: English
Pages (from-to): 1-9
Number of pages: 9
Journal: IEEE Transactions on Industrial Informatics
Publication status: E-pub ahead of print - 2022
