Constructing a Knowledge Graph from Textual Descriptions of Software Vulnerabilities in the National Vulnerability Database ...

Knowledge graphs have shown promise for several cybersecurity tasks, such as vulnerability assessment and threat analysis. In this work, we present a new method for constructing a vulnerability knowledge graph from information in the National Vulnerability Database (NVD). Our approach combines named...

Full description

Bibliographic Details
Main Authors: Høst, Anders Mølmen, Lison, Pierre, Moonen, Leon
Format: Report
Language:unknown
Published: arXiv 2023
Subjects:
Cryptography and Security cs.CR
Artificial Intelligence cs.AI
Computation and Language cs.CL
Software Engineering cs.SE
FOS Computer and information sciences
Faroe Islands
Ner
Online Access:https://dx.doi.org/10.48550/arxiv.2305.00382
https://arxiv.org/abs/2305.00382
Description
Summary:Knowledge graphs have shown promise for several cybersecurity tasks, such as vulnerability assessment and threat analysis. In this work, we present a new method for constructing a vulnerability knowledge graph from information in the National Vulnerability Database (NVD). Our approach combines named entity recognition (NER), relation extraction (RE), and entity prediction using a combination of neural models, heuristic rules, and knowledge graph embeddings. We demonstrate how our method helps to fix missing entities in knowledge graphs used for cybersecurity and evaluate the performance. ... : Accepted for publication in the 24th Nordic Conference on Computational Linguistics (NoDaLiDa), T\'{o}rshavn, Faroe Islands, May 22nd-24th, 2023. [v2]: added funding acknowledgments ...

Similar Items