A knowledge extrapolation model for attack inference based on graph attention networks and relation mapping
Weiwu Ren, Wenjuan Li, Li Zhao
Knowledge and Information Systems
Problems Identified (4)
Open-world attack reasoning limitations: Existing attack knowledge reasoning methods rely on closed-world assumptions and lack the ability to model unknown entities and relationships.
Multi-hop attack relation discovery: Single-step reasoning strategies make it difficult to uncover multi-hop relationships in complex attack behaviors.
Open-world attack reasoning limitations: Existing attack knowledge reasoning methods rely on closed-world assumptions and lack the ability to model unknown entities and relationships.
Multi-hop attack relation discovery: Single-step reasoning strategies make it difficult to uncover multi-hop relationships in complex attack behaviors.
Proposed Solutions (5)
GAT relation-mapping extrapolation model: The paper proposes an attack knowledge extrapolation model using graph attention networks and relation mapping for open-world attack knowledge reasoning.
Mapping topology feature generation: The model constructs a mapping topology graph in a cybersecurity knowledge graph and uses neighborhood structures to generate representations for unknown entities and relations.
Attention-residual neighbor aggregation: The model combines graph attention mechanisms with residual connections to adaptively aggregate informative neighbor features.
Triple scoring prediction: The model uses a scoring function to infer and predict unknown attack-related entity–relation triples.
GAT relation-mapping extrapolation model: The paper proposes an attack knowledge extrapolation model using graph attention networks and relation mapping for open-world attack knowledge reasoning.
Results (3)
Improved cybersecurity KG reasoning metrics:
Effective open-world attack reasoning:
Improved cybersecurity KG reasoning metrics:
Research Domain
Cybersecurity knowledge graph reasoning