Cybersecurity knowledge graph enabled attack chain detection for cyber-physical systems

Qi, Yulu; Gu, Zhaoquan; Li, Aiping; Zhang, Xiaojuan; Shafiq, Muhammad; Mei, Yangyang; Lin, Kaihan

doi:10.1016/j.compeleceng.2023.108660

Cited by 18 publications

(4 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Qi et al [22] introduced knowledge graphs into the detection of composite cyberattacks and constructed a cybersecurity knowledge graph based on known attack knowledge. They conducted a correlation analysis of real-time data to reconstruct the attack process.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Knowledge Graph Completion Algorithm Based on the Fusion of Neighborhood Features and vBiLSTM Encoding for Network Security

Zhang,

Wang,

Han

et al. 2024

Electronics

View full text Add to dashboard Cite

Knowledge graphs in the field of network security can integrate diverse, heterogeneous, and fragmented network security data, further explore the relationships between data, and provide support for deep analysis. Currently, there is sparse security information in the field of network security knowledge graphs. The limited information provided by traditional text encoding models leads to insufficient reasoning ability, greatly restricting the development of this field. Starting from text encoding, this paper first addresses the issue of the inadequate capabilities of traditional models using a deep learning model for assistance. It designs a vBiLSTM model based on a word2vec and BiLSTM combination to process network security texts. By utilizing word vector models to retain semantic information in entities and extract key features to input processed data into BiLSTM networks for extracting higher-level features that better capture and express their deeper meanings, this design significantly enhances understanding and expression capabilities toward complex semantics in long sentences before inputting final feature vectors into the KGC-N model. The KGC-N model uses feature vectors combined with graph structure information to fuse forward and reverse domain features and then utilizes a Transformer decoder to decode predictions and complete missing information within the network security knowledge map. Compared with other models using evaluation metrics such as MR, MRR demonstrates that employing our proposed method effectively improves performance on completion tasks and increases comprehension abilities toward complex relations, thereby enhancing accuracy and efficiency when completing knowledge graphs.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Qi [22] Knowledge graph for composite cyber-attacks Enhances graphs with dynamic clustering and path queries; high computational load.…”

Section: Contribution Key Featuresmentioning

confidence: 99%

A Knowledge Graph Completion Algorithm Based on the Fusion of Neighborhood Features and vBiLSTM Encoding for Network Security

Zhang,

Wang,

Han

et al. 2024

Electronics

View full text Add to dashboard Cite

show abstract

“…As a result, those mechanisms cannot e ciently ensure the security of BCoT against complicated attacks [11,12]. The security mechanisms based on cybersecurity knowledge can extract threat intelligence information with ne granularity [13,14].…”

Section: Introductionmentioning

confidence: 99%

Cybersecurity entity recognition for blockchain of things via Hierarchical Attention Mechanism

Wu,

Liu,

Ding

et al. 2024

Preprint

View full text Add to dashboard Cite

With the integration of blockchain technology and the Internet of Things (IoT), the blockchain of things (BCoT) has received more attention. Because of the lack of efficient security mechanisms, the number of security incidents aimed at BCoT has been growing exponentially. The traditional cybersecurity analysis methods can utilize cybersecurity knowledge graph to extract threat intelligence information with fine granularity for BCoT. Named entity recognition (NER) is the primary task for constructing cybersecurity knowledge graph for BCoT. Traditional NER models make it difficult to determine entities with complex structures and ambiguous meanings in BCoT. It also cannot efficiently extract non-local and non-sequential dependencies between the cybersecurity entities. So, the traditional NER cannot be directly applied in the field of BCoT. In this paper, we propose a novel Cybersecurity Entity Recognition model based on Hierarchical Attention Mechanism, denoted as CER-HAM, to extract cybersecurity entity in the field of BCoT. CER-HAM composes the self-attention mechanism with the graph attention mechanism to capture non-local and non-sequential dependencies between cybersecurity entities. Based on those dependencies, CER-HAM can accurately extract cybersecurity entity in the field of BCoT. In the end, the real cybersecurity dataset of BCoT is used to verify the efficiency of CER-HAM. The experimental results show that the F1-score reached by CER-HAM is better than the traditional entity recognition model.

show abstract

“…However, recent studies [5][6][7][8][9] have shown that DNNbased SRSs are vulnerable to adversarial attacks. Attackers can add imperceptible small noise to the original audio, which can cause a well-performing SRS to produce incorrect identification results.…”

Section: Introductionmentioning

confidence: 99%

Rethinking multi‐spatial information for transferable adversarial attacks on speaker recognition systems

Zhang,

Tan,

Wang

et al. 2024

CAAI Trans on Intel Tech

Self Cite

View full text Add to dashboard Cite

Adversarial attacks have been posing significant security concerns to intelligent systems, such as speaker recognition systems (SRSs). Most attacks assume the neural networks in the systems are known beforehand, while black‐box attacks are proposed without such information to meet practical situations. Existing black‐box attacks improve transferability by integrating multiple models or training on multiple datasets, but these methods are costly. Motivated by the optimisation strategy with spatial information on the perturbed paths and samples, we propose a Dual Spatial Momentum Iterative Fast Gradient Sign Method (DS‐MI‐FGSM) to improve the transferability of black‐box attacks against SRSs. Specifically, DS‐MI‐FGSM only needs a single data and one model as the input; by extending to the data and model neighbouring spaces, it generates adversarial examples against the integrating models. To reduce the risk of overfitting, DS‐MI‐FGSM also introduces gradient masking to improve transferability. The authors conduct extensive experiments regarding the speaker recognition task, and the results demonstrate the effectiveness of their method, which can achieve up to 92% attack success rate on the victim model in black‐box scenarios with only one known model.

show abstract

Cybersecurity knowledge graph enabled attack chain detection for cyber-physical systems

Cited by 18 publications

References 9 publications

A Knowledge Graph Completion Algorithm Based on the Fusion of Neighborhood Features and vBiLSTM Encoding for Network Security

A Knowledge Graph Completion Algorithm Based on the Fusion of Neighborhood Features and vBiLSTM Encoding for Network Security

Cybersecurity entity recognition for blockchain of things via Hierarchical Attention Mechanism

Rethinking multi‐spatial information for transferable adversarial attacks on speaker recognition systems

Contact Info

Product

Resources

About