基于本体的网络安全知识图谱构建方法

doi:10.3969/j.issn.1671-1122.2025.03.008

摘要/Abstract

摘要：

随着信息技术的高速发展，网络空间与现实世界连接越来越紧密。将知识图谱技术应用于网络安全领域，能够从网络空间海量数据中获取碎片化的有效安全知识进行整合，为决策提供支持。现有方法存在本体模型缺乏统一标准、知识抽取效果不佳等问题，因此，文章提出一种基于本体的网络安全知识图谱构建方法，该方法包含命名实体识别和关系抽取两个模型，其中命名实体识别模型结合BERT预训练模型、双向长短期记忆网络、多头注意力机制和条件随机场；关系抽取模型结合BERT预训练模型、自注意力机制和卷积神经网络。这两个模型提升了命名实体识别的准确率，并提升了关系抽取任务的准确率以及自动化程度。文章提出的网络安全知识图谱构建方法可整合并分析网络安全数据，实现网络安全知识的智能化检索以及知识图谱的自动更新和扩展。

关键词: 网络安全, 知识图谱, 本体, 知识抽取

Abstract:

With the rapid development of information technology, the connection between cyberspace and the real world has become increasingly close. Applying knowledge graph technology to the field of cybersecurity allows for the extraction and integration of fragmented, valuable security knowledge from vast amounts of data in cyberspace, providing support for decision-making. Existing methods face issues such as the lack of a unified standard for ontology models and poor knowledge extraction performance. This paper proposed an ontology-based method for constructing a cybersecurity knowledge graph, which included two models: named entity recognition and relation extraction. The named entity recognition model integrated the BERT pre-trained model, bidirectional long short-term memory network, multi-head attention mechanism, and conditional random fields; the relation extraction model combined the BERT pre-trained model, self-attention mechanism and convolutional neural network. These two models improved the accuracy of named entity recognition and enhanced the accuracy and automation of relation extraction tasks. The proposed method for constructing the cybersecurity knowledge graph can integrate and analyze cybersecurity data, enabling intelligent retrieval of cybersecurity knowledge and automatic updates and expansion of the knowledge graph.

Key words: cybersecurity, knowledge graph, ontology, knowledge extraction

中图分类号:

TP309

许智双, 张昆, 范俊超, 常晓林. 基于本体的网络安全知识图谱构建方法[J]. 信息网络安全, 2025, 25(3): 451-466.

XU Zhishuang, ZHANG Kun, FAN Junchao, CHANG Xiaolin. Construction Method of Cybersecurity Knowledge Graph Based on Ontology[J]. Netinfo Security, 2025, 25(3): 451-466.

图/表 25

图1

图2

图3

图4

图5

图6

表1

表2

表3

表4

表5

图7

图8

图9

表6

表7

表8

图10

图11

图12

图13

图14

图15

图16

图17

参考文献 31

[1]	REN Yitong, XIAO Yanjun, ZHOU Yinghai, et al. CSKG4APT: A Cybersecurity Knowledge Graph for Advanced Persistent Threat Organization Attribution[J]. IEEE Transactions on Knowledge and Data Engineering, 2022, 35(6): 5695-5709.
[2]	JIANG Yuning, JEUSFELD M A, DING Jianguo, et al. Model-Based Cybersecurity Analysis: Extending Enterprise Modeling to Critical Infrastructure Cybersecurity[J]. Business & Information Systems Engineering, 2023, 65(6): 643-676.
[3]	SIKOS L F. Cybersecurity Knowledge Graphs[J]. Knowledge and Information Systems, 2023, 65(9): 3511-3531.
[4]	LIU Kai, WANG Fei, DING Zhaoyun, et al. Recent Progress of Using Knowledge Graph for Cybersecurity[J]. Electronics, 2022, 11(15): 2287-2314.
[5]	WANG Gaosheng, LIU Peipei, HUANG Jintao, et al. KnowCTI: Knowledge-Based Cyber Threat Intelligence Entity and Relation Extraction[J]. Computers & Security, 2024, 141(6): 1-12.
[6]	WANG Xiaodi, HUANG Cheng, LIU Jiayong. Research Overview on Knowledge Graphs for Open Source Intelligence in Cybersecurity[J]. Netinfo Security, 2023, 23(6): 11-21.
	王晓狄, 黄诚, 刘嘉勇. 面向网络安全开源情报的知识图谱研究综述[J]. 信息网络安全, 2023, 23(6):11-21.
[7]	LI Hongyi, ZE Shi, PAN Chengwei, et al. Cybersecurity Knowledge Graphs Construction and Quality Assessment[J]. Complex & Intelligent Systems, 2024, 10(1): 5-16.
[8]	CHEN Jiarui, LU Yiqin, ZHANG Yang, et al. A Management Knowledge Graph Approach for Critical Infrastructure Protection: Ontology Design, Information Extraction and Relation Prediction[J]. International Journal of Critical Infrastructure Protection, 2023, 43(4): 3-7.
[9]	PREUVENEERS D, JOOSEN W. An Ontology-Based Cybersecurity Framework for AI-Enabled Systems and Applications[J]. Future Internet, 2024, 16(3): 4-18.
[10]	GRANDIN A. An Ontology of Cyberspace as a Basis for Decision-Making in Cyberoperations[C]// IEEE. International Conference on Cyber Warface and Security. New York: IEEE, 2024: 84-94.
[11]	BUGHIO K S, COOK D M, SHAH S A A. Developing a Novel Ontology for Cybersecurity in Internet of Medical Things-Enabled Remote Patient Monitoring[J]. Sensors, 2024, 24(9): 5-20.
[12]	BERNARDINI A, D’ALTERIO F, SAGRATELLA L, et al. “Work-in-Progress” Structuring the Complexity: an Ontological Approach to Analyze the Cybersecurity of a 5G Service[C]// IEEE. 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). New York: IEEE, 2024: 691-700.
[13]	KOUGIOUMTZIDOU A, PAPOUTSIS A, KAVALLIEROS D, et al. An End-to-End Framework for Cybersecurity Taxonomy and Ontology Generation and Updating[C]// IEEE. 2024 IEEE International Conference on Cyber Security and Resilience (CSR). New York: IEEE, 2024: 247-254.
[14]	XU Derong, CHEN Wei, PENG Wenjun, et al. Large Language Models for Generative Information Extraction: A Survey[J]. Frontiers of Computer Science, 2024, 18(6): 2-14.
[15]	WANG Yaxin, ZHANG Jian. Electronic Medical Record Fingerprint Feature Extraction Based on Few-Shot Named Entity Recognition Technology[J]. Netinfo Security, 2024, 24(10): 1537-1543.
	王亚欣, 张健. 基于少样本命名实体识别技术的电子病历指纹特征提取[J]. 信息网络安全, 2024, 24(10):1537-1543.
[16]	STUDIAWAN H, HASAN M F, PRATOMO B A. Rule-Based Entity Recognition for Forensic Timeline[C]// IEEE. 2023 Conference on Information Communications Technology and Society (ICTAS). New York: IEEE, 2023: 1-6.
[17]	HU Chenxi, WU Tao, LIU Chunsheng, et al. Joint Contrastive Learning and Belief Rule Base for Named Entity Recognition in Cybersecurity[J]. Cybersecurity, 2024, 7(1): 3-12.
[18]	SARHAN M, LAYEGHY S, MOUSTAFA N, et al. Feature Extraction for Machine Learning-Based Intrusion Detection in IoT Networks[J]. Digital Communications and Networks, 2024, 10(1): 205-216.
[19]	MUMTAZ G, AKRAM S, IQBAL M W, et al. Classification and Prediction of Significant Cyber Incidents (SCI) Using Data Mining and Machine Learning (DM-ML)[J]. IEEE Access, 2023, 11: 94486-94496.
[20]	LI Jiao, ZHANG Yuqing, WU Yabiao. Large Language Model Data Augmentation Methods for Relationship Extraction in Cybersecurity[J]. Netinfo Security, 2024, 24(10): 1477-1483.
	李娇, 张玉清, 吴亚飚. 面向网络安全关系抽取的大语言模型数据增强方法[J]. 信息网络安全, 2024, 24(10):1477-1483.
[21]	WANG Fei, DING Zhaoyun, LIU Kai, et al. Multi-Relation Extraction for Cybersecurity Based on Ontology Rule-Enhanced Prompt Learning[J]. Electronics, 2024, 13(12): 1-25.
[22]	AHMED K, KHURSHID S K, HINA S. CyberEntRel: Joint Extraction of Cyber Entities and Relations Using Deep Learning[J]. Computer & Security, 2024, 136(1): 1-11.
[23]	JI Bin, LI Shasha, XU Hao, et al. Span-Based Joint Entity and Relation Extraction Augmented with Sequence Tagging Mechanism[J]. Science China Information Sciences, 2024, 67(5): 1-15.
[24]	CHEN S S, HWANG R H, SUN C Y, et al. Enhancing Cyber Threat Intelligence with Named Entity Recognition Using BERT-CRF[C]// IEEE. IEEE Global Communiacations Conference 2023. New York: IEEE, 2023: 7532-7537.
[25]	LIU Yafei, WEI Siqi, HUANG Haijun, et al. Naming Entity Recognition of Citrus Pests and Diseases Based on the BERT-BiLSTM-CRF Model[J]. Expert Systems with Applications, 2023, 234(27): 1-10.
[26]	PAN Xuefeng, CAO Yuanyuan, HOU Xiaorui, et al. Named Entity Recognition of TCM Electronic Medical Records Based on the ALBERT-BiLSTM-CRF Model[C]// IEEE. 2022 12th International Conference on Information Technology in Medicine and Education (ITME 2022). New York: IEEE, 2022: 575-582.
[27]	KE Jia, WANG Weiji, CHEN Xiaojun, et al. Medical Entity Recognition and Knowledge Map Relationship Analysis of Chinese EMRs Based on Improved BiLSTM-CRF[J]. Computers and Electrical Engineering, 2023, 108(4): 1-18.
[28]	360 Total Security. Security Report[EB/OL]. (2024-05-09) [2024-11-14]. https://cert.360.cn/report.
	360安全安全报告[EB/OL]. (2024-05-09) [2024-11-14]. https://cert.360.cn/report.
[29]	National Computer Network Emergency Response Technical Team/Coordination Center of China. Security Report[EB/OL]. (2023-06-28) [2024-11-20]. https://www.cert.org.cn/publish/main/17/index.html.
	国家计算机网络应急技术处理协调中心. 安全报告[EB/OL]. (2023-06-28)[2024-11-20]. https://www.cert.org.cn/publish/main/17/index.html.
[30]	KAUR K, KAUR P. BERT-CNN: Improving BERT for Requirements Classification Using CNN[J]. Procedia Computer Science, 2023, 218(3): 2604-2611.
[31]	BELLO A, NG S C, LEUNG M F. A BERT Framework to Sentiment Analysis of Tweets[J]. Sensors, 2023, 23(1): 1-14.

编辑推荐 0

Metrics

阅读次数

全文

HTML			PDF

最新录用	在线预览	正式出版	最新录用	在线预览	正式出版
0	0	12	0	0	26

来源	本网站	其他网站

次数	38	0
比例	100%	0%

摘要

最新录用	在线预览	正式出版

0	0	39

	来源	本网站

	次数	39
	比例	100%

符号	含义	符号	含义
B-administrator	管理员实体的开始部分	I-network	网络实体的其余部分
I-administrator	管理员实体的其余部分	B-attacker	攻击者实体的开始部分
B-host	主机实体的开始部分	I-attacker	攻击者实体的其余部分
I-host	主机实体的其余部分	B-attack_mode	攻击方式实体的开始部分
B-system	操作系统实体的开始部分	I-attack_mode	攻击方式实体的其余部分
I-system	操作系统实体的其余部分	B-loophole	漏洞实体的开始部分
B-hardware	硬件实体的开始部分	I-loophole	漏洞实体的其余部分
I-hardware	硬件实体的其余部分	B-malware	恶意软件实体的开始部分
B-software	软件实体的开始部分	I-malware	恶意软件实体的其余部分
I-software	软件实体的其余部分	B-virus	病毒实体的开始部分
B-ip	IP实体的开始部分	I-virus	病毒实体的其余部分
I-ip	IP实体的其余部分	B-defender	防御者实体的开始部分
B-port	端口实体的开始部分	I-defender	防御者实体的其余部分
I-port	端口实体的其余部分	B-defense_mode	防御方式实体的开始部分
B-service	服务实体的开始部分	I-defense_mode	防御方式实体的其余部分
I-service	服务实体的其余部分	O	非实体
B-network	网络实体的开始部分	—	—

数据集	训练集/个	测试集/个	验证集/个
语句数	3101	886	443
实体总数	2513	718	359
管理员	120	12	8
主机	159	46	20
操作系统	100	53	6
硬件	114	21	25
软件	129	30	32
IP	120	12	8
端口	160	12	8
服务	100	12	9
网络	49	11	9
攻击者	219	66	37
攻击方式	276	58	58
漏洞	185	92	10
恶意软件	294	113	28
病毒	104	97	42
防御者	222	50	28
防御方式	162	33	31

名称	配置信息
CPU	AMD Ryzen Threadripper 3970X 32-Core Processor
内存	251 GB
操作系统	Ubuntu 20.04.5 LTS
开发框架	Python 3.7.16
编程语言	PyTorch 1.13.1

名称	数值
batch_size	8
num_train_epochs	15
max_seq_length	202
learning_rate	1e-5
dropout	0.5
clip	0.5

模型	Precision	Recall	F1值
BERT-BiLSTM-MHA-CRF	84.52%	89.29%	86.84%
BERT-BiLSTM-CRF	82.55%	86.49%	84.48%
BERT-CRF	71.68%	82.01%	76.50%
BERT-MHA-CRF	75.28%	81.35%	78.19%
ALBERT-BiLSTM-CRF	84.13%	83.53%	83.83%
Word2vec-BiLSTM-CRF	79.05%	87.83%	83.21%