CN117216767A - Vulnerability exploitation attack prediction method based on graph neural network - Google Patents

Info

Publication number: CN117216767A
Authority: CN (China)
Prior art keywords: vulnerability, graph, attack, nodes, exploit
Legal status: Granted
Application number: CN202311135483.1A
Other languages: Chinese (zh)
Other versions: CN117216767B (en)
Inventors: 黄诚, 张雨轩, 李乐融
Current Assignee: Sichuan University
Original Assignee: Sichuan University

Abstract

The application discloses a vulnerability exploitation attack prediction method based on a graph neural network. The method comprises the following steps: extracting features from a vulnerability knowledge base to express the vulnerability nodes of a vulnerability feature graph; extracting vulnerability knowledge triples and converting them into an undirected graph; constructing the edge relations of the vulnerability feature graph to obtain the vulnerability feature graph; extracting node vector representations of the vulnerability feature graph using an attention-based node representation method; predicting the likelihood of an exploit attack using an exploit attack prediction model based on a graph attention network; and introducing a loss function based on a gradient coordination mechanism into that model to balance the influence of different types of samples on the prediction model. By constructing a prediction model based on a graph attention network and using the vulnerability feature graph as model input, the method improves the accuracy of exploit attack prediction and the overall performance of the proposed model.

Description

Vulnerability exploitation attack prediction method based on graph neural network
Technical Field
The application belongs to the field of network security, and particularly relates to a vulnerability exploitation attack prediction method based on a graph neural network.
Background
With the continued development of cyberspace, global information services have been expanding at an exponential rate in number, variety, and complexity. At the current stage of technological development, businesses and personal information are increasingly exposed to cyber attack threats caused by software vulnerabilities. Attackers can exploit software vulnerabilities to break the integrity, confidentiality, or availability of target systems, thereby harming the economy, society and national security.
The likelihood that a software vulnerability will be used in a network attack increases significantly after it is publicly disclosed. Meanwhile, the continuous emergence of vulnerabilities prompts attackers to disclose vulnerabilities and share technical details through unofficial channels, putting unpatched systems at greater risk. Worse still, the explosive growth in the number of software vulnerabilities makes it difficult for vendors to provide patches and mitigations in a timely manner. In fact, however, fewer than 3% of all publicly disclosed vulnerabilities are used in real network attacks, and even fewer are incorporated into hacking tools. Most vulnerabilities are never exploited in the wild, and the proportion that are exploited in the wild gradually decreases over time. Because of the time, labor and equipment costs of fixing software vulnerabilities, enterprise decision makers must trade off coverage against efficiency. On the one hand, enterprises need to fix as many disclosed vulnerabilities as possible to raise their security baseline; on the other hand, with limited resources, they have to handle high-risk vulnerabilities first and low-risk vulnerabilities later. With the explosive growth in vulnerability disclosures, vulnerability assessment is becoming increasingly important. Vulnerability exploitability assessment has therefore become a key measure for enterprises and organizations to protect information systems and networks from network attacks, malware, and various data leakage threats. An efficient exploit attack prediction technique can help decision makers prioritize vulnerability remediation so that critical vulnerabilities are fixed before exploitation occurs.
The application provides an exploit attack prediction method that builds a vulnerability feature graph from a vulnerability knowledge base, using the semantic similarity of vulnerability descriptions and the indirect relations among vulnerabilities. To further explore the role and mechanism of the association information among vulnerabilities in predicting exploit attacks, a prediction model based on a graph attention network is constructed with the vulnerability feature graph as model input, improving the accuracy of exploit attack prediction and the overall performance of the proposed model.
Disclosure of Invention
In view of the above, the application provides an exploit attack prediction method based on a graph neural network. It aims to address two problems of existing exploit attack prediction methods, namely making use of the association information among vulnerabilities and coping with imbalanced data distribution, and thereby further improve model prediction performance.
A vulnerability exploitation attack prediction method based on a graph neural network, the method comprising:
Step 1: extracting basic features, tweet features and technical article features of the vulnerability data in a vulnerability knowledge base to express the vulnerability nodes of a vulnerability feature graph;
Step 2: selecting, from the vulnerability knowledge base, the vulnerability knowledge triples that reflect similar attack targets, exploitation methods and attack effects among vulnerabilities, extracting all edges and entity nodes related to those triples, and converting them into an undirected graph G;
Step 3: calculating the shortest-distance matrix between vulnerability nodes in the undirected graph G with the Floyd algorithm and the vulnerability description text similarity matrix with the cosine similarity algorithm, and combining the two matrices to construct the edge relations of the vulnerability feature graph, thereby obtaining the vulnerability feature graph;
Step 4: extracting node vector representations of the vulnerability feature graph using an attention-based node representation method;
Step 5: extracting structural information and node features from the vulnerability feature graph using an exploit attack prediction model based on a graph attention network, so as to predict the likelihood of an exploit attack;
Step 6: introducing a loss function based on a gradient coordination mechanism into the graph-attention-network-based exploit attack prediction model of Step 5, so as to balance the influence of different types of samples on the prediction model.
Preferably, extracting the features of the vulnerability data from the vulnerability knowledge base to express the vulnerability nodes of the vulnerability feature graph includes:
taking the vulnerability nodes of the vulnerability knowledge base as the core, designing and extracting a set of effective features to express the nodes, wherein the selected features comprise vulnerability basic features, tweet features and technical article features;
using an N-gram bag-of-words to represent the text features of the vulnerability information contained in text fields;
generating a high-quality tweet vector for each tweet using a Sentence-BERT (SBERT) pre-trained model;
using a bag-of-words model to characterize vulnerability-related technical articles.
Preferably, the process of constructing the undirected graph G includes:
screening the vulnerability knowledge triples in the vulnerability knowledge base; among all triple types, the following directly or indirectly reflect similar attack targets, exploitation methods and attack effects among vulnerabilities: <Exploit, exploit>, <Exploit, effect, program version>, <Exploit, is, vulnerability type>, <program version, belongTo, product>, <vendor, development, product>;
extracting all edges and entity nodes related to these triple types from the vulnerability knowledge base, and converting them into an undirected graph G.
Preferably, constructing the edge relations of the vulnerability feature graph to obtain the vulnerability feature graph includes:
calculating the shortest-distance matrix between vulnerability nodes in the undirected graph G with the Floyd algorithm and the vulnerability description text similarity matrix with the cosine similarity algorithm;
adding the similarity matrix and the reciprocal of the inter-node distance matrix to obtain the final weights, setting a threshold, and deciding whether an edge should be constructed between any two vulnerability nodes, thereby constructing the edges between vulnerability nodes and finally obtaining the vulnerability feature graph.
Preferably, extracting the node vector representations of the vulnerability feature graph includes:
using an SBERT pre-trained model to generate, for each vulnerability, a tweet sentence vector matrix as the tweet text feature of the vulnerability node, which is expressed as follows, wherein t is the number of tweets corresponding to the vulnerability and d is the sentence vector dimension;
improving the node vector representation of the vulnerability feature graph with an attention-based node representation method, so as to address the imbalanced distribution of the number of tweets among different vulnerabilities.
Preferably, inputting the vulnerability feature graph into the exploit attack prediction model and predicting exploit attacks includes:
concatenating the tweet text feature with the other features and inputting the result, after a trainable linear transformation, into the graph neural network model;
using a graph attention network based on a multi-head attention mechanism to improve the perception capability of the prediction model and stabilize the training process, extracting structural information and node features from the vulnerability feature graph, and predicting the likelihood of an exploit attack as a node classification task.
Preferably, balancing the influence of different types of samples on the prediction model includes:
introducing a loss function based on a gradient coordination mechanism to balance the contribution of different types of samples to the prediction model, thereby mitigating the negative effect that the imbalanced numbers of positive and negative samples have on the model's prediction performance.
Compared with the prior art, the exploit attack prediction method provided by the application has the following beneficial effects: by constructing a vulnerability feature graph from a vulnerability knowledge base and predicting exploit attacks with a graph neural network, it improves the performance of exploit attack prediction and mitigates the adverse effect of imbalanced data distribution on the model.
Drawings
To illustrate the embodiments of the application or the technical solutions of the prior art more clearly, the drawings needed for describing them are briefly introduced below. The drawings described below are only some embodiments of the present application; a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic diagram of an exploit attack prediction technique based on a graph neural network according to an embodiment of the present application.
Detailed Description
Specific embodiments of the application are described in detail below with reference to the accompanying drawings. The following examples and figures illustrate the application and are not intended to limit its scope.
Referring to fig. 1, fig. 1 is a flowchart of a method for predicting an exploit attack according to an embodiment of the present application, including:
Step 1: extracting basic features, tweet features and technical article features of the vulnerability data in a vulnerability knowledge base to express the vulnerability nodes of a vulnerability feature graph;
Step 2: selecting, from the vulnerability knowledge base, the vulnerability knowledge triples that reflect similar attack targets, exploitation methods and attack effects among vulnerabilities, extracting all edges and entity nodes related to those triples, and converting them into an undirected graph G;
Step 3: calculating the shortest-distance matrix between vulnerability nodes in the undirected graph G with the Floyd algorithm and the vulnerability description text similarity matrix with the cosine similarity algorithm, and combining the two matrices to construct the edge relations of the vulnerability feature graph, thereby obtaining the vulnerability feature graph;
Step 4: extracting node vector representations of the vulnerability feature graph using an attention-based node representation method;
Step 5: extracting structural information and node features from the vulnerability feature graph using an exploit attack prediction model based on a graph attention network, so as to predict the likelihood of an exploit attack;
Step 6: introducing a loss function based on a gradient coordination mechanism into the graph-attention-network-based exploit attack prediction model of Step 5, so as to balance the influence of different types of samples on the prediction model.
For extracting the features of the vulnerability data from the vulnerability knowledge base to express the vulnerability nodes of the vulnerability feature graph, the specific steps include:
Step 1a: Taking the vulnerability nodes of the vulnerability knowledge base as the core, a set of effective features is designed and extracted to express the nodes; three kinds of features are selected: vulnerability basic features, tweet features and technical article features.
Step 1b: The vulnerability basic features directly describe attributes of the vulnerability itself, and comprise the vulnerability type, the vulnerability description, whether a proof of concept (PoC) and a CVSS score are included, the number of affected products, the number of affected vendors, the number of references, the time interval between information change and release, and the number of days the current information has remained unchanged. An N-gram bag-of-words is used to flag whether certain special words (such as "overflow" or "code injection") appear in the text fields of the vulnerability, thereby representing the text features of the vulnerability information contained in the text fields.
Step 1c: The method focuses on the semantic information of each tweet and generates a high-quality tweet vector for each tweet using a Sentence-BERT (SBERT) pre-trained model.
Step 1d: The technical article features cover the content of the article; the article text supplements certain technical information, and vulnerability-related technical articles are characterized using a bag-of-words model.
For constructing the undirected graph G, the specific steps include:
Step 2a: First, the vulnerability knowledge triples in the vulnerability knowledge base are screened. Among all triple types, the following directly or indirectly reflect similar attack targets, exploitation methods and attack effects among vulnerabilities: <Exploit, exploit>, <Exploit, effect, program version>, <Exploit, is, vulnerability type>, <program version, belongTo, product>, <vendor, development, product>.
Step 2b: All edges and entity nodes related to these triple types are extracted from the vulnerability knowledge base and converted into an undirected graph G.
For constructing the edge relations of the vulnerability feature graph to obtain the vulnerability feature graph, the specific steps include:
Step 3a: First, the inter-node distance matrix is initialized from the input vulnerability knowledge undirected graph G: the distance between two different nodes that are directly connected in the undirected graph is set to 1, the distance from a node to itself is set to 0, and the distance between all other pairs of nodes is set to positive infinity.
Step 3b: The all-pairs shortest paths between nodes are calculated with the Floyd algorithm, and the similarity matrix of the vulnerability description texts is calculated with the cosine similarity algorithm.
Step 3c: The similarity matrix and the reciprocal of the inter-node distance matrix are added to obtain the final weights; combined with an edge construction threshold T, these decide whether an edge should be constructed between any two vulnerability nodes, which yields the edge set E of the vulnerability feature graph and thus the vulnerability feature graph G = (V, E, F), where V is the set of nodes in the vulnerability feature graph, E is the set of edges in the graph, and F is the feature set of the nodes.
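Steps 3a to 3c as a runnable sketch, added here as an illustration and not code from the patent. The whitespace bag-of-words vectorization of the description text, the `>=` comparison against T, treating an unreachable pair as a reciprocal of 0, and all node names and descriptions are assumptions constructed for the example.

```python
import math
from collections import Counter
from itertools import combinations

INF = math.inf


def floyd_shortest_paths(nodes, edges):
    """Steps 3a/3b: hop distances on the undirected knowledge graph G.

    Initialization: 0 on the diagonal, 1 for directly connected nodes,
    positive infinity for every other pair.
    """
    idx = {name: i for i, name in enumerate(nodes)}
    n = len(nodes)
    dist = [[0 if i == j else INF for j in range(n)] for i in range(n)]
    for a, b in edges:
        if a != b:
            dist[idx[a]][idx[b]] = dist[idx[b]][idx[a]] = 1
    for k in range(n):
        for i in range(n):
            if dist[i][k] == INF:
                continue  # i cannot reach k, so k cannot shorten any path from i
            for j in range(n):
                via_k = dist[i][k] + dist[k][j]
                if via_k < dist[i][j]:
                    dist[i][j] = via_k
    return idx, dist


def cosine(a, b):
    """Cosine similarity of two bag-of-words Counters; 0.0 if either is empty."""
    dot = sum(a[w] * b[w] for w in a.keys() & b.keys())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def build_edges(nodes, edges, descriptions, threshold):
    """Step 3c: weight = text similarity + 1/shortest distance; keep if >= T.

    Only the keys of `descriptions` are vulnerability nodes; the other nodes
    of G (versions, products, vendors, types) only contribute path length.
    """
    idx, dist = floyd_shortest_paths(nodes, edges)
    bows = {v: Counter(text.lower().split()) for v, text in descriptions.items()}
    weights, kept = {}, set()
    for u, v in combinations(sorted(descriptions), 2):
        d = dist[idx[u]][idx[v]]
        reciprocal = 1.0 / d if 0 < d < INF else 0.0  # unreachable pair adds 0
        w = cosine(bows[u], bows[v]) + reciprocal
        weights[(u, v)] = w
        if w >= threshold:
            kept.add((u, v))
    return weights, kept


# Constructed sample graph: four vulnerability nodes plus the entity nodes
# that the selected triples pull in. VULN-4 sits in a disconnected component.
NODES = ["VULN-1", "VULN-2", "VULN-3", "VULN-4",
         "reader 1.0", "reader 1.1", "reader", "office 2.0", "office",
         "acme", "type:overflow"]
EDGES = [("VULN-1", "reader 1.0"), ("VULN-2", "reader 1.1"),
         ("reader 1.0", "reader"), ("reader 1.1", "reader"),
         ("acme", "reader"), ("VULN-1", "type:overflow"),
         ("VULN-3", "type:overflow"), ("VULN-4", "office 2.0"),
         ("office 2.0", "office")]
DESCRIPTIONS = {  # constructed description texts
    "VULN-1": "heap buffer overflow in pdf parser allows remote code execution",
    "VULN-2": "use after free in pdf parser allows remote code execution",
    "VULN-3": "stack buffer overflow in font handler",
    "VULN-4": "heap buffer overflow in pdf parser allows remote code execution",
}

if __name__ == "__main__":
    weights, kept = build_edges(NODES, EDGES, DESCRIPTIONS, threshold=0.8)
    for pair in sorted(weights):
        mark = "edge" if pair in kept else "-"
        print(pair, round(weights[pair], 3), mark)
```

In the sample, VULN-1 and VULN-3 are linked mainly by graph proximity (shared vulnerability type), while VULN-1 and VULN-4 are linked by text similarity alone because no path connects them in G.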
For extracting the node vector representations of the vulnerability feature graph, the specific steps include:
Step 4a: The SBERT model generates a tweet sentence vector matrix for each vulnerability as the tweet text feature of the vulnerability node, which is expressed as follows, wherein t is the number of tweets corresponding to the vulnerability and d is the sentence vector dimension.
Step 4b: For each vulnerability node, the following attention mechanism is used to extract features from the tweets:
wherein the method comprises the steps ofIs the attention column vector of the person,representing the attention value of each of the tweet vectors.Is a matrix of weights that can be trained,representing the Sigmoid activation function. The method also applies slope annealing techniques during the attention weight matrix training process to amplify the differences between the attention values of different pushups. The method uses scalar slope parametersStarting from 1, each round of training increases by 0.004 until it reaches a maximum of 5, so thatThe attention value of (1) converges rapidly to 0 or 1. After that, the process is carried out,andline-by-line multiplication to obtain sentence vector matrix selected by attention mechanism
Step 4c: aggregating sentence vector matrices using a maximum pool algorithm as a tweet text feature for vulnerability nodes. In order to further alleviate the problem of unbalanced distribution of the number of the push texts, the method selects a fixed number t of push texts in each round of training, and calculates a hidden vector by using the following formulaIs a moving average of:
wherein,represents the firstThe aggregate hidden vector obtained for a small batch,representing the moving average update rate.
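The formulas for steps 4b and 4c are not reproduced on this page, so the following added example (not code from the patent) assumes a common form: attention value = Sigmoid(slope × tweet vector · w), row-wise scaling of the sentence vector matrix, column-wise max pooling, and an exponential moving average over mini-batches. The tweet vectors, the weight vector `W` and the update rate are constructed values; only the slope schedule (start 1, +0.004 per round, maximum 5) comes from the text.

```python
import math


def slope_at(training_round, start=1.0, step=0.004, cap=5.0):
    """Slope annealing schedule from the text: 1, +0.004 per round, max 5."""
    return min(cap, start + step * training_round)


def attention_values(tweets, w, slope):
    """One value in (0, 1) per tweet vector: sigmoid(slope * <x_i, w>)."""
    values = []
    for row in tweets:
        logit = sum(x * wi for x, wi in zip(row, w))
        values.append(1.0 / (1.0 + math.exp(-slope * logit)))
    return values


def select_and_pool(tweets, w, slope):
    """Scale each tweet vector by its attention value, then max-pool by column."""
    att = attention_values(tweets, w, slope)
    selected = [[a * x for x in row] for a, row in zip(att, tweets)]
    return [max(column) for column in zip(*selected)]


def polarization(att):
    """Mean distance of the attention values from 0.5 (0 = undecided)."""
    return sum(abs(a - 0.5) for a in att) / len(att)


def update_moving_average(previous, batch_vector, rate):
    """Assumed update: (1 - rate) * previous + rate * current mini-batch vector."""
    if previous is None:          # first mini-batch initializes the average
        return list(batch_vector)
    return [(1 - rate) * p + rate * c for p, c in zip(previous, batch_vector)]


# Constructed input: t = 3 tweet sentence vectors of dimension d = 3, and a
# stand-in for the trained attention weights.
TWEETS = [[0.9, 0.1, 0.4],
          [0.2, 0.8, 0.1],
          [0.1, 0.2, 0.7]]
W = [1.0, -1.0, 0.0]

if __name__ == "__main__":
    for rnd in (0, 500, 1000):
        s = slope_at(rnd)
        att = attention_values(TWEETS, W, s)
        print(f"round {rnd:4d} slope {s:.1f} attention",
              [round(a, 3) for a in att],
              "pooled", [round(v, 3) for v in select_and_pool(TWEETS, W, s)])
    avg = None
    for rnd in (0, 500, 1000):    # three mini-batches, same tweets for brevity
        avg = update_moving_average(avg, select_and_pool(TWEETS, W, slope_at(rnd)), 0.1)
    print("moving average of hidden vector", [round(v, 3) for v in avg])
```

At slope 1 the pooled vector mixes components from all three tweets; at slope 5 the attention values have moved toward 0 or 1 and the pooled vector is dominated by the single tweet the weights favor.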
For inputting the vulnerability feature graph into the graph-attention-network-based exploit attack prediction model and predicting exploit attacks, the specific steps include:
Step 5a: The tweet text feature obtained from the moving average is concatenated with the other features using the following formula and, after a trainable linear transformation, input into the graph neural network model:
Step 5b: A graph attention network with a multi-head attention mechanism is used to improve the perception capability of the prediction model and stabilize the training process; structural information and node features are extracted from the vulnerability feature graph, and the likelihood of an exploit attack is predicted as a node classification task.
For balancing the contribution of different types of samples to the prediction model, the specific steps include:
Step 6a: A loss function based on a gradient coordination mechanism is introduced to balance the contribution of different types of samples to the prediction model and to mitigate the negative effect that the imbalanced numbers of positive and negative samples have on the model's prediction performance. The gradient-coordination-based loss function is as follows:
wherein,the result is calculated for the cross entropy of each training sample,sample density within the distribution interval is modulo-length for each gradient.
Sample densityThe calculation formula of (2) is as follows:
wherein,for the length of the gradient mode,is the probability that the model predicts the exploit attack will occur,a ground truth label representing the node,indicating whether the sample is in a zone or not,the actual length of the section is represented, and the sample density GD (g) is the number of samples in the section.
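The loss formulas are not reproduced on this page. This added example (not code from the patent) assumes the published gradient harmonizing mechanism classification loss (GHM-C), which matches the quantities the text names: gradient norm g = |p - y|, density GD(g) = number of samples in the interval divided by the interval length, and cross entropy divided by density. The ten equal-width intervals and the sample predictions are constructed.

```python
import math


def cross_entropy(p, y):
    """Binary cross entropy of one sample, with p clamped so log() stays finite."""
    p = min(max(p, 1e-12), 1 - 1e-12)
    return -(y * math.log(p) + (1 - y) * math.log(1 - p))


def ghm_c_loss(probs, labels, bins=10):
    """Return (loss, betas) for density-weighted binary cross entropy.

    g_i    = |p_i - y_i|   gradient norm of the cross entropy w.r.t. the logit
    GD(g)  = samples whose g falls in the same interval / interval length
    loss   = sum_i CE_i / GD(g_i)
    beta_i = N / GD(g_i)   the equivalent per-sample weight on CE_i
    """
    n = len(probs)
    width = 1.0 / bins
    norms = [abs(p - y) for p, y in zip(probs, labels)]
    interval = [min(int(g * bins), bins - 1) for g in norms]  # g == 1.0 -> last
    counts = [0] * bins
    for b in interval:
        counts[b] += 1
    loss, betas = 0.0, []
    for p, y, b in zip(probs, labels, interval):
        density = counts[b] / width
        betas.append(n / density)
        loss += cross_entropy(p, y) / density
    return loss, betas


def easy_negative_share(probs, labels, weights, is_easy_negative):
    """Fraction of the weighted loss contributed by the flagged samples."""
    parts = [w * cross_entropy(p, y) for p, y, w in zip(probs, labels, weights)]
    flagged = sum(part for part, flag in zip(parts, is_easy_negative) if flag)
    return flagged / sum(parts)


# Constructed predictions for 20 vulnerability nodes: 17 confidently scored
# non-exploited samples, one hard negative, one hard positive, one easy positive.
PROBS = [0.05] * 17 + [0.65, 0.25, 0.85]
LABELS = [0] * 17 + [0, 1, 1]
EASY_NEG = [True] * 17 + [False] * 3

if __name__ == "__main__":
    loss, betas = ghm_c_loss(PROBS, LABELS)
    plain = easy_negative_share(PROBS, LABELS, [1.0] * len(PROBS), EASY_NEG)
    ghm = easy_negative_share(PROBS, LABELS, betas, EASY_NEG)
    print(f"GHM-C loss {loss:.6f}")
    print(f"weight of an easy negative {betas[0]:.4f}, of a rare sample {betas[-1]:.1f}")
    print(f"easy-negative share of the loss: plain CE {plain:.1%}, GHM-C {ghm:.1%}")
```

The 17 easy negatives crowd one gradient-norm interval, so their density is high and each is down-weighted; the three rare samples keep most of the gradient signal.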
Experimental results:
Following the approach and implementation steps of the graph-neural-network-based exploit attack prediction method, 1680 vulnerabilities in Adobe and Microsoft products that were assigned CVE numbers between January 2020 and January 2021 were selected to form the data set.
Models were trained on data collected 1 day, 3 days and 7 days after formal disclosure of the vulnerability, and on a data set without a time limit. On these data sets the method reaches an accuracy of 80%, 71.4%, 68.8% and 83.3%, a recall of 53.3%, 66.7%, 73.3% and 66.7%, and an F1 score of 64.0%, 68.9%, 70.9% and 74.1%, respectively. This verifies that the method can effectively give early warning of and detect exploit attacks, and that gradually enriching the data over time significantly improves its prediction performance.
It should be noted that, for simplicity of description, the above method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present application is not limited by the order of acts described, as some steps may be performed in other order or concurrently in accordance with the present application. Further, those skilled in the art will recognize that the embodiments described in the specification are presently preferred, and that the acts and processes involved are not necessarily required for the present application.
Finally, it should be noted that the foregoing describes only preferred embodiments of the present application and does not limit it. Although the present application has been described in detail with reference to the foregoing embodiments, those skilled in the art may still modify the technical solutions described in those embodiments or make equivalent replacements of some of their technical features.
Any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (7)

1. A vulnerability exploitation attack prediction method based on a graph neural network, in which a vulnerability feature graph with higher effective information density is constructed by extracting vulnerability data and semantic graph structures from a vulnerability knowledge base, and the vulnerability feature graph is then input into an exploit attack prediction model based on a graph attention network to predict exploit attacks, characterized in that the method comprises the following steps:
Step 1: extracting basic features, tweet features and technical article features of the vulnerability data in a vulnerability knowledge base to express the vulnerability nodes of a vulnerability feature graph;
Step 2: selecting, from the vulnerability knowledge base, the vulnerability knowledge triples that reflect similar attack targets, exploitation methods and attack effects among vulnerabilities, extracting all edges and entity nodes related to those triples, and converting them into an undirected graph G;
Step 3: calculating the shortest-distance matrix between vulnerability nodes in the undirected graph G with the Floyd algorithm and the vulnerability description text similarity matrix with the cosine similarity algorithm, and combining the two matrices to construct the edge relations of the vulnerability feature graph, thereby obtaining the vulnerability feature graph;
Step 4: extracting node vector representations of the vulnerability feature graph using an attention-based node representation method;
Step 5: extracting structural information and node features from the vulnerability feature graph using an exploit attack prediction model based on a graph attention network, so as to predict the likelihood of an exploit attack;
Step 6: introducing a loss function based on a gradient coordination mechanism into the graph-attention-network-based exploit attack prediction model of Step 5, so as to balance the influence of different types of samples on the prediction model.
2. The exploit attack prediction method based on the graph neural network according to claim 1, wherein in Step 1:
taking the vulnerability nodes of the vulnerability knowledge base as the core, a set of effective features is designed and extracted to express the nodes, wherein the selected features comprise vulnerability basic features, tweet features and technical article features;
an N-gram bag-of-words is used to represent the text features of the vulnerability information contained in text fields;
a high-quality tweet vector is generated for each tweet using a Sentence-BERT (SBERT) pre-trained model;
a bag-of-words model is used to characterize vulnerability-related technical articles.
3. The exploit attack prediction method based on the graph neural network according to claim 1, wherein in Step 2:
the vulnerability knowledge triples in the vulnerability knowledge base are screened; among all triple types, the following directly or indirectly reflect similar attack targets, exploitation methods and attack effects among vulnerabilities: <Exploit, exploit>, <Exploit, effect, program version>, <Exploit, is, vulnerability type>, <program version, belongTo, product>, <vendor, development, product>;
all edges and entity nodes related to these triple types are extracted from the vulnerability knowledge base and converted into an undirected graph G.
4. The exploit attack prediction method based on the graph neural network according to claim 1, wherein in Step 3:
the shortest-distance matrix between vulnerability nodes in the undirected graph G is calculated with the Floyd algorithm, and the vulnerability description text similarity matrix with the cosine similarity algorithm;
the similarity matrix and the reciprocal of the inter-node distance matrix are added to obtain the final weights, a threshold is set, and it is decided whether an edge should be constructed between any two vulnerability nodes, thereby constructing the edges between vulnerability nodes and finally obtaining the vulnerability feature graph.
5. The exploit attack prediction method based on the graph neural network according to claim 1, wherein in Step 4:
an SBERT pre-trained model is used to generate, for each vulnerability, a tweet sentence vector matrix as the tweet text feature of the vulnerability node, which is expressed as follows, wherein t is the number of tweets corresponding to the vulnerability and d is the sentence vector dimension;
the node vector representation of the vulnerability feature graph is improved with an attention-based node representation method, so as to address the imbalanced distribution of the number of tweets among different vulnerabilities.
6. The exploit attack prediction method based on the graph neural network according to claim 1, wherein in Step 5:
the tweet text feature is concatenated with the other features and, after a trainable linear transformation, input into the graph neural network model;
a graph attention network based on a multi-head attention mechanism is used to improve the perception capability of the prediction model and stabilize the training process, structural information and node features are extracted from the vulnerability feature graph, and the likelihood of an exploit attack is predicted as a node classification task.
7. The method according to claim 1, wherein in Step 6:
a loss function based on a gradient coordination mechanism is introduced to balance the contribution of different types of samples to the prediction model, thereby mitigating the negative effect that the imbalanced numbers of positive and negative samples have on the model's prediction performance.
Priority Applications (1)

Application number: CN202311135483.1A
Priority date: 2023-09-05
Filing date: 2023-09-05
Title: Vulnerability exploitation attack prediction method based on graph neural network
Status: Active

Publications (2)

CN117216767A, published 2023-12-12
CN117216767B, published 2024-04-05

Family ID: 89038062

Also Published As

Publication number Publication date
CN117216767B (en) 2024-04-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant