CN117436086A - Knowledge graph-based software supply chain security analysis method and system - Google Patents
Knowledge graph-based software supply chain security analysis method and system Download PDFInfo
- Publication number
- CN117436086A CN117436086A CN202311396519.1A CN202311396519A CN117436086A CN 117436086 A CN117436086 A CN 117436086A CN 202311396519 A CN202311396519 A CN 202311396519A CN 117436086 A CN117436086 A CN 117436086A
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- knowledge graph
- knowledge
- component
- supply chain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004458 analytical method Methods 0.000 title claims abstract description 29
- 238000013507 mapping Methods 0.000 claims abstract description 18
- 238000001914 filtration Methods 0.000 claims abstract description 8
- 238000000034 method Methods 0.000 claims abstract description 6
- 238000000605 extraction Methods 0.000 claims description 9
- 230000009193 crawling Effects 0.000 claims description 3
- 230000000694 effects Effects 0.000 claims description 3
- 238000009499 grossing Methods 0.000 claims description 3
- 238000012360 testing method Methods 0.000 claims description 3
- 238000012423 maintenance Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 230000008439 repair process Effects 0.000 description 3
- 230000006872 improvement Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/02—Knowledge representation; Symbolic representation
- G06N5/022—Knowledge engineering; Knowledge acquisition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/04—Inference or reasoning models
- G06N5/041—Abduction
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/30—Computing systems specially adapted for manufacturing
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Computational Linguistics (AREA)
- Artificial Intelligence (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Mathematical Physics (AREA)
- Technology Law (AREA)
- Multimedia (AREA)
- Stored Programmes (AREA)
Abstract
Description
Claims (7)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311396519.1A CN117436086A (en) | 2023-10-26 | 2023-10-26 | Knowledge graph-based software supply chain security analysis method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311396519.1A CN117436086A (en) | 2023-10-26 | 2023-10-26 | Knowledge graph-based software supply chain security analysis method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117436086A true CN117436086A (en) | 2024-01-23 |
Family
ID=89549364
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311396519.1A Pending CN117436086A (en) | 2023-10-26 | 2023-10-26 | Knowledge graph-based software supply chain security analysis method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117436086A (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110321240A (en) * | 2019-06-28 | 2019-10-11 | 阿里巴巴集团控股有限公司 | A kind of business impact assessment method and apparatus based on time series forecasting |
CN112381126A (en) * | 2020-11-02 | 2021-02-19 | 安徽华米智能科技有限公司 | Indoor and outdoor scene recognition method and device, electronic equipment and storage medium |
CN112749396A (en) * | 2021-01-21 | 2021-05-04 | 恒安嘉新(北京)科技股份公司 | Method, device, equipment and storage medium for constructing security vulnerability knowledge graph |
CN113032794A (en) * | 2021-04-23 | 2021-06-25 | 恒安嘉新(北京)科技股份公司 | Method, device, equipment and storage medium for constructing security vulnerability knowledge graph |
CN113139192A (en) * | 2021-04-09 | 2021-07-20 | 扬州大学 | Third-party library security risk analysis method and system based on knowledge graph |
CN113239358A (en) * | 2021-03-11 | 2021-08-10 | 东南大学 | Open source software vulnerability mining method based on knowledge graph |
CN115033894A (en) * | 2022-08-12 | 2022-09-09 | 中国电子科技集团公司第三十研究所 | Software component supply chain safety detection method and device based on knowledge graph |
CN115080012A (en) * | 2022-06-27 | 2022-09-20 | 平安银行股份有限公司 | class file conflict recognition method and device, electronic equipment and storage medium |
CN116804980A (en) * | 2023-06-25 | 2023-09-26 | 软安科技有限公司 | Binary component retrieval method and device |
-
2023
- 2023-10-26 CN CN202311396519.1A patent/CN117436086A/en active Pending
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110321240A (en) * | 2019-06-28 | 2019-10-11 | 阿里巴巴集团控股有限公司 | A kind of business impact assessment method and apparatus based on time series forecasting |
CN112381126A (en) * | 2020-11-02 | 2021-02-19 | 安徽华米智能科技有限公司 | Indoor and outdoor scene recognition method and device, electronic equipment and storage medium |
CN112749396A (en) * | 2021-01-21 | 2021-05-04 | 恒安嘉新(北京)科技股份公司 | Method, device, equipment and storage medium for constructing security vulnerability knowledge graph |
CN113239358A (en) * | 2021-03-11 | 2021-08-10 | 东南大学 | Open source software vulnerability mining method based on knowledge graph |
CN113139192A (en) * | 2021-04-09 | 2021-07-20 | 扬州大学 | Third-party library security risk analysis method and system based on knowledge graph |
CN113032794A (en) * | 2021-04-23 | 2021-06-25 | 恒安嘉新(北京)科技股份公司 | Method, device, equipment and storage medium for constructing security vulnerability knowledge graph |
CN115080012A (en) * | 2022-06-27 | 2022-09-20 | 平安银行股份有限公司 | class file conflict recognition method and device, electronic equipment and storage medium |
CN115033894A (en) * | 2022-08-12 | 2022-09-09 | 中国电子科技集团公司第三十研究所 | Software component supply chain safety detection method and device based on knowledge graph |
CN116804980A (en) * | 2023-06-25 | 2023-09-26 | 软安科技有限公司 | Binary component retrieval method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP7030707B2 (en) | Systems and methods for generating metadata-driven external interfaces for application programming interfaces | |
US7606784B2 (en) | Uncertainty management in a decision-making system | |
CN109522312B (en) | Data processing method, device, server and storage medium | |
Chen et al. | Temporal representation for mining scientific data provenance | |
Awad et al. | On efficient processing of BPMN-Q queries | |
Kondylakis et al. | Ontology evolution: assisting query migration | |
Luo et al. | Combination of research questions and methods: A new measurement of scientific novelty | |
Rashid et al. | Completeness and consistency analysis for evolving knowledge bases | |
Hartmann et al. | Model-driven analytics: Connecting data, domain knowledge, and learning | |
Yonai et al. | Mercem: Method name recommendation based on call graph embedding | |
Izsó et al. | Towards precise metrics for predicting graph query performance | |
Fadlallah et al. | Context-aware big data quality assessment: a scoping review | |
Zhengxin et al. | Mlops spanning whole machine learning life cycle: A survey | |
Ba et al. | Integration of web sources under uncertainty and dependencies using probabilistic XML | |
Movchan et al. | Constructing an Automation System to Implement Intelligence-Led Policing Into the National Police of Ukraine | |
CN117436086A (en) | Knowledge graph-based software supply chain security analysis method and system | |
CN114329454B (en) | Threat analysis method and system based on application software big data | |
Sassi et al. | Supporting ontology adaptation and versioning based on a graph of relevance | |
Pernischová | The butterfly effect in knowledge graphs: Predicting the impact of changes in the evolving web of data | |
Esmaeilpour et al. | Design pattern mining using distributed learning automata and DNA sequence alignment | |
Adnan et al. | Towards Improved Data Analytics Through Usability Enhancement of Unstructured Big Data | |
CN117217392B (en) | Method and device for determining general equipment guarantee requirement | |
Kareshk | Predicting Textual Merge Conflicts | |
US11137989B1 (en) | Constructing a data flow graph for a computing system of an organization | |
Chen et al. | A multi-source heterogeneous spatial big data fusion method based on multiple similarity and voting decision |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB03 | Change of inventor or designer information | ||
CB03 | Change of inventor or designer information |
Inventor after: Sun Mingyuan Inventor after: Cheng Hao Inventor after: Li Chaofan Inventor after: Wang Hu Inventor after: Hu Yutao Inventor after: Zou Deqing Inventor before: Cheng Hao Inventor before: Li Chaofan Inventor before: Wang Hu Inventor before: Hu Yutao Inventor before: Sun Mingyuan Inventor before: Zou Deqing |