Knowledge-Driven Cybersecurity intelligence: Software Vulnerability Coexploitation Behavior Discovery

Jiao Yin, Ming Jian Tang, Jinli Cao, Mingshan You, Hua Wang, Mamoun Alazab

    Research output: Contribution to journalArticlepeer-review

    122 Downloads (Pure)


    Coexploitation behavior, referring to multiple software vulnerabilities being exploited jointly by one or more exploits, brings enormous challenges to the prevention and remediation of cyberattacks. Leveraging the latest advances in graph-driven intelligence, this article formulates vulnerability coexploitation behavior discovery as a link prediction problem between vulnerability entities within a vulnerability knowledge graph. We propose a modality-aware graph convolutional network (MAGCN) module to embed multimodality entity attributes and topological graph connectivity features into a unified lower dimensional feature space to boost link prediction performance. We further design a graph knowledge transfer learning (GKTL) strategy to transfer knowledge between subgraphs extracted from the same knowledge graph. Experimental results on a real-world dataset containing coexploitation incidents between 1995 and 2021 show that MAGCN achieved 81.34% on the F1 score when applying the GKTL strategy, superior to other graph neural network modules, such as GCN, GraphSAGE, EdgeGCN, and GINGCN.

    Original languageEnglish
    Pages (from-to)5593-5601
    Number of pages9
    JournalIEEE Transactions on Industrial Informatics
    Issue number4
    Early online date2022
    Publication statusPublished - 1 Apr 2023


    Dive into the research topics of 'Knowledge-Driven Cybersecurity intelligence: Software Vulnerability Coexploitation Behavior Discovery'. Together they form a unique fingerprint.

    Cite this