Abstract
Coexploitation behavior, referring to multiple software vulnerabilities being exploited jointly by one or more exploits, brings enormous challenges to the prevention and remediation of cyberattacks. Leveraging the latest advances in graph-driven intelligence, this article formulates vulnerability coexploitation behavior discovery as a link prediction problem between vulnerability entities within a vulnerability knowledge graph. We propose a modality-aware graph convolutional network (MAGCN) module to embed multimodality entity attributes and topological graph connectivity features into a unified lower dimensional feature space to boost link prediction performance. We further design a graph knowledge transfer learning (GKTL) strategy to transfer knowledge between subgraphs extracted from the same knowledge graph. Experimental results on a real-world dataset containing coexploitation incidents between 1995 and 2021 show that MAGCN achieved 81.34% on the F1 score when applying the GKTL strategy, superior to other graph neural network modules, such as GCN, GraphSAGE, EdgeGCN, and GINGCN.
Original language | English |
---|---|
Pages (from-to) | 5593-5601 |
Number of pages | 9 |
Journal | IEEE Transactions on Industrial Informatics |
Volume | 19 |
Issue number | 4 |
Early online date | 2022 |
DOIs | |
Publication status | Published - 1 Apr 2023 |
Bibliographical note
Publisher Copyright:© 2005-2012 IEEE.