Edge propagation for link prediction in requirement-cyber threat intelligence knowledge graph

Bibliographic Details
Published in: Information sciences Vol. 653; p. 119770
Main Authors: Zhang, Yang; Chen, Jiarui; Cheng, Zhe; Shen, Xiong; Qin, Jiancheng; Han, Yingzheng; Lu, Yiqin
Format: Journal Article
Language: English
Published: Elsevier Inc 01-01-2024
Description
Summary: Critical information infrastructure (CII) is a critical component of national socioeconomic systems and one of the primary targets of cyberattacks. Unfortunately, CII's security administration struggles to keep up with the rapidly evolving and complex cyber threats. In this research, we combine cybersecurity threat intelligence (CTI) with management security requirements (SR) data to construct a knowledge graph (KG) named RCTI and predict new knowledge on the heterogeneous graph. In addition, we propose EGNN, a novel GNN-based model that defines the representation of edges and develop an algorithm for propagating edge information. Experiments on three public datasets and the RCTI graph show that the EGNN achieves state-of-the-art performance. Finally, we use the EGNN model to predict new links on the RCTI graph, which by manual analysis achieves a 97% connectivity rate between the CTI and SR entities. Therefore, the EGNN can effectively detect management vulnerabilities and enhance CII's cybersecurity capability in the event of cybersecurity incidents.

• Critical information infrastructure is the main target of cyber-attacks.
• Knowledge graph can associate cyber-attack knowledge with cybersecurity management knowledge.
• Locating security management vulnerabilities can effectively prevent cyber-attacks.
• Link prediction technology helps to find the security management vulnerabilities.
ISSN: 0020-0255, 1872-6291
DOI: 10.1016/j.ins.2023.119770