Cybersecurity knowledge graphs construction and quality assessment

Abstract

Cyber-attack activities are complex and ever-changing, posing severe challenges to cybersecurity personnel. Introducing knowledge graphs into the field of cybersecurity helps depict the intricate cybersecurity landscape and provides technical support for threat identification and situational awareness. However, during the process of constructing knowledge graphs, inevitable noise and conflicts may be introduced, leading to misleading inferences and decisions. This paper aims to address the issues of constructing and assessing the quality of cybersecurity knowledge graphs. We manually constructed a dataset of cybersecurity knowledge graphs (CS13K) and expanded the existing cybersecurity ontology, building a more versatile ontology applicable to existing data features. Building upon this, we utilized Neo4j to construct the cybersecurity knowledge graph. Furthermore, we propose an AttTucker model, based on Transformer, for assessing the quality of knowledge graphs. By employing numerous self-attention heads, this model captures latent information among entities and relations. While reducing the dimensionality of knowledge embeddings, the model achieves evaluation results comparable to high-dimensional embeddings. Finally, we incorporate the path-level information between entities in the knowledge graph into the evaluation of knowledge graph quality based on the AttTucker model. Experimental analysis on both generic datasets and cybersecurity datasets demonstrates that our model significantly improves F1 value and accuracy in knowledge graph quality assessment tasks, outperforming other models.