Knowledge-Driven Cybersecurity Intelligence: Software Vulnerability Coexploitation Behavior Discovery

Abstract

Coexploitation behavior, referring to multiple software vulnerabilities being exploited jointly by one or more exploits, brings enormous challenges to the prevention and remediation of cyberattacks. Leveraging the latest advances in graph-driven intelligence, this article formulates vulnerability coexploitation behavior discovery as a link prediction problem between vulnerability entities within a vulnerability knowledge graph. We propose a modality-aware graph convolutional network (MAGCN) module to embed multimodality entity attributes and topological graph connectivity features into a unified lower dimensional feature space to boost link prediction performance. We further design a graph knowledge transfer learning (GKTL) strategy to transfer knowledge between subgraphs extracted from the same knowledge graph. Experimental results on a real-world dataset containing coexploitation incidents between 1995 and 2021 show that MAGCN achieved 81.34% on the <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">F</i> 1 score when applying the GKTL strategy, superior to other graph neural network modules, such as GCN, GraphSAGE, EdgeGCN, and GINGCN.