Biblio

Securing cloud configurations is an elusive task, which is left up to system administrators who have to base their decisions on "trial and error" experimentations or by observing good practices (e.g., CIS Benchmarks). We propose a knowledge, AND/OR, graphs approach to model cloud deployment security objects and vulnerabilities. In this way, we can capture relationships between configurations, permissions (e.g., CAP\_SYS\_ADMIN), and security profiles (e.g., AppArmor and SecComp). Such an approach allows us to suggest alternative and safer configurations, support administrators in the study of what-if scenarios, and scale the analysis to large scale deployments. We present an initial validation and illustrate the approach with three real vulnerabilities from known sources.

The protection of Intellectual Property (IP) has gradually increased in recent years. Traditional intellectual property management service has lower efficiency for such scale of data. Considering that the maturity of deep learning models has led to the development of knowledge graphs. Relevant researchers have investigated the application of knowledge graphs in different domains, such as medical services, social media, etc. However, few studies of knowledge graphs have been undertaken in the domain of intellectual property. In this paper, we introduce the process of building a domain knowledge graph and start from data preparation to conduct the research of named entity recognition.

In order to solve the problem that collaborative filtering recommendation algorithm completely depends on the interactive behavior information of users while ignoring the correlation information between items, this paper introduces a link prediction algorithm based on knowledge graph to integrate ItemCF algorithm. Through the linear weighted fusion of the item similarity matrix obtained by the ItemCF algorithm and the item similarity matrix obtained by the link prediction algorithm, the new fusion matrix is then introduced into ItemCF algorithm. The MovieLens-1M data set is used to verify the KGLP-ItemCF model proposed in this paper, and the experimental results show that the KGLP-ItemCF model effectively improves the precision, recall rate and F1 value. KGLP-ItemCF model effectively solves the problems of sparse data and over-reliance on user interaction information by introducing knowledge graph into ItemCF algorithm.

With the rapid improvement of China's industrial production level, there are an increasing number of industrial enterprises and kinds of products. The quality and safety supervision of industrial products is an important step to ensure people's livelihood safety. The current supervision includes a number of processes, such as risk monitoring, public opinion analysis, supervision, spot check and postprocessing. The lack of effective information integration and sharing between the above processes cannot support the implementation of whole-chain regulation well. This paper proposes a whole-chain supervision method of industrial product quality and safety based on a knowledge graph, which integrates massive and complex data of the whole chain and visually displays the relationships between entities in the regulatory process. This method can effectively solve the problem of information islands and track and locate the quality problems of large-scale industrial products.

Due to the large number of terminal nodes and wide deployment of power IOT, it is vulnerable to attacks such as physical hijacking, communication link theft and replay. In order to sense and measure the security risks and threats of massive power IOT terminals in real time, a security threat assessment for power IOT terminals based on knowledge graph was proposed. Firstly, the basic data, operation data and alarm threat data of power IOT terminal equipment are extracted and correlated, and the power IOT terminal based on knowledge graph is constructed. Then, the real-time monitoring data of the power IOT terminal is preprocessed. Based on the knowledge graph of the power IOT terminal, the safety analysis and operation analysis of the terminal are carried out, and the threat index of the power IOT terminal is perceived in real time. Finally, security operation and maintenance personnel make disposal decisions on the terminals according to the threat index of power IOT terminals to ensure the safe and stable operation of power IOT terminal nodes. The experimental results show that compared with the traditional IPS, the method can effectively detect the security threat of the power IOT terminal and reduce the alarm vulnerability rate.

In the economics environment, Job Matching is always a challenge involving the evolution of knowledge and skills. A good matching of skills and jobs can stimulate the growth of economics. Recommender System (RecSys), as one kind of Job Matching, can help the candidates predict the future job relevant to their preferences. However, RecSys still has the problem of cold start and data sparsity. The content-based filtering in RecSys needs the adaptive data for the specific staffing tasks of Bidirectional Encoder Representations from Transformers (BERT). In this paper, we propose a job RecSys based on skills and locations using a domain-specific Knowledge Graph (KG). This system has three parts: a pipeline of Named Entity Recognition (NER) and Relation Extraction (RE) using BERT; a standardization system for pre-processing, semantic enrichment and semantic similarity measurement; a domain-specific Knowledge Graph (KG). Two different relations in the KG are computed by cosine similarity and Term Frequency-Inverse Document Frequency (TF-IDF) respectively. The raw data used in the staffing RecSys include 3000 descriptions of job offers from Indeed, 126 Curriculum Vitae (CV) in English from Kaggle and 106 CV in French from Linx of Capgemini Engineering. The staffing RecSys is integrated under an architecture of Microservices. The autonomy and effectiveness of the staffing RecSys are verified through the experiment using Discounted Cumulative Gain (DCG). Finally, we propose several potential research directions for this research.

With the booming of Internet technology, the continuous emergence of new technologies and new algorithms greatly expands the application boundaries of cyberspace. While enjoying the convenience brought by informatization, the society is also facing increasingly severe threats to the security of cyberspace. In cyber security defense, cyberspace operators rely on the discovered vulnerabilities, attack patterns, TTPs, and other knowledge to observe, analyze and determine the current threats to the network and security situation in cyberspace, and then make corresponding decisions. However, most of such open-source knowledge is distributed in different data sources in the form of text or web pages, which is not conducive to the understanding, query and correlation analysis of cyberspace operators. In this paper, a knowledge graph for cyber security is constructed to solve this problem. At first, in the process of obtaining security data from multi-source heterogeneous cyberspaces, we adopt efficient crawler to crawl the required data, paving the way for knowledge graph building. In order to establish the ontology required by the knowledge graph, we abstract the overall framework of security data sources in cyberspace, and depict in detail the correlations among various data sources. Then, based on the \$$\backslash$mathbfOWL +$\backslash$mathbfSWRL\$ language, we construct the cyber security knowledge graph. On this basis, we design an analysis system for situation in cyberspace based on knowledge graph and the Snort intrusion detection system (IDS), and study the rules in Snort. The system integrates and links various public resources from the Internet, including key information such as general platforms, vulnerabilities, weaknesses, attack patterns, tactics, techniques, etc. in real cyberspace, enabling the provision of comprehensive, systematic and rich cyber security knowledge to security researchers and professionals, with the expectation to provide a useful reference for cyber security defense.

Security databases such as Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Attack Pattern Enumeration and Classification (CAPEC) maintain diverse high-quality security concepts, which are treated as security entities. Meanwhile, security entities are documented with many potential relation types that profit for security analysis and comprehension across these three popular databases. To support reasoning security entity relationships, translation-based knowledge graph representation learning treats each triple independently for the entity prediction. However, it neglects the important semantic information about the neighbor entities around the triples. To address it, we propose a text-enhanced graph attention network model (text-enhanced GAT). This model highlights the importance of the knowledge in the 2-hop neighbors surrounding a triple, under the observation of the diversity of each entity. Thus, we can capture more structural and textual information from the knowledge graph about the security databases. Extensive experiments are designed to evaluate the effectiveness of our proposed model on the prediction of security entity relationships. Moreover, the experimental results outperform the state-of-the-art by Mean Reciprocal Rank (MRR) 0.132 for detecting the missing relationships.

Knowledge Graph can describe the concepts in the objective world and the relationships between these concepts in a structured way, and identify, discover and infer the relationships between things and concepts. It has been developed in the field of medical and health care. In this paper, the method of natural language processing has been used to build chronic disease knowledge graph, such as named entity recognition, relationship extraction. This method is beneficial to forecast analysis of chronic disease, network monitoring, basic education, etc. The research of this paper can greatly help medical experts in the treatment of chronic disease treatment, and assist primary clinicians with making more scientific decision, and can help Patients with chronic diseases to improve medical efficiency. In the end, it also has practical significance for clinical scientific research of chronic disease.

Aiming at the disadvantages of traditional methods such as low penetration path generation efficiency and low attack type recognition accuracy, an optimal penetration path generation algorithm based on the knowledge map power WEB system unknown attack is proposed. First, establish a minimum penetration path test model. And use the model to test the unknown attack of the penetration path under the power WEB system. Then, the ontology of the knowledge graph is designed. Finally, the design of the optimal penetration path generation algorithm based on the knowledge graph is completed. Experimental results show that the algorithm improves the efficiency of optimal penetration path generation, overcomes the shortcomings of traditional methods that can only describe known attacks, and can effectively guarantee the security of power WEB systems.

With the rapid development of networks, cyberspace security is facing increasingly severe challenges. Traditional alert aggregation process and alert correlation analysis process are susceptible to a large amount of redundancy and false alerts. To tackle the challenge, this paper proposes a network security situational awareness model KG-NSSA (Knowledge-Graph-based NSSA) based on knowledge graphs. This model provides an asset-based network security knowledge graph construction scheme. Based on the network security knowledge graph, a solution is provided for the classic problem in the field of network security situational awareness - network attack scenario discovery. The asset-based network security knowledge graph combines the asset information of the monitored network and fully considers the monitoring of network traffic. The attack scenario discovery according to the KG-NSSA model is to complete attack discovery and attack association through attribute graph mining and similarity calculation, which can effectively reflect specific network attack behaviors and mining attack scenarios. The effectiveness of the proposed method is verified on the MIT DARPA2000 data set. Our work provides a new approach for network security situational awareness.

The Dark Web, a conglomerate of services hidden from search engines and regular users, is used by cyber criminals to offer all kinds of illegal services and goods. Multiple Dark Web offerings are highly relevant for the cyber security domain in anticipating and preventing attacks, such as information about zero-day exploits, stolen datasets with login information, or botnets available for hire. In this work, we analyze and discuss the challenges related to information gathering in the Dark Web for cyber security intelligence purposes. To facilitate information collection and the analysis of large amounts of unstructured data, we present BlackWidow, a highly automated modular system that monitors Dark Web services and fuses the collected data in a single analytics framework. BlackWidow relies on a Docker-based micro service architecture which permits the combination of both preexisting and customized machine learning tools. BlackWidow represents all extracted data and the corresponding relationships extracted from posts in a large knowledge graph, which is made available to its security analyst users for search and interactive visual exploration. Using BlackWidow, we conduct a study of seven popular services on the Deep and Dark Web across three different languages with almost 100,000 users. Within less than two days of monitoring time, BlackWidow managed to collect years of relevant information in the areas of cyber security and fraud monitoring. We show that BlackWidow can infer relationships between authors and forums and detect trends for cybersecurity-related topics. Finally, we discuss exemplary case studies surrounding leaked data and preparation for malicious activity.

Information-centric networking (ICN) is a novel networking architecture with subscription-based naming mechanism and efficient caching, which has abundant semantic features. However, existing defense studies in ICN fails to isolate or block efficiently novel content threats including malicious penetration and semantic obfuscation for the lack of researches considering ICN semantic features. More importantly, to detect potential threats, existing security works in ICN fail to use semantic reasoning to construct security knowledge-based defense mechanism. Thus ICN needs a smart and content-based defense mechanism. Current works are not able to block content threats implicated in semantics. Additionally, based on traditional computing resources, they are incompatible with ICN protocols. In this paper, we propose smart reasoning based content threat defense for semantics knowledge enhanced ICN. A fog computing based defense mechanism with content semantic awareness is designed to build ICN edge defense system. In addition, smart reasoning algorithms is proposed to detect implicit knowledge and semantic relations in packet names and contents with context communication content and knowledge graph. On top of inference knowledge, the mechanism can perceive threats from ICN interests. Simulations demonstrate the validity and efficiency of the proposed mechanism.

With the development of Online Social Networks(OSNs), OSNs have been becoming very popular platforms to publish resources and to establish relationship with friends. However, due to the lack of prior knowledge of others, there are usually risks associated with conducting network activities, especially those involving money. Therefore, it will be necessary to quantify the trust relationship of users in OSNs, which can help users decide whether they can trust another user. In this paper, we present a novel method for evaluating trust in OSNs using knowledge graph (KG), which is the cornerstone of artificial intelligence. And we focus on the two contributions for trust evaluation in OSNs: (i) a novel method using RNN to quantify trustworthiness in OSNs, which is inspired by relationship prediction in KG; (ii) a Path Reliability Measuring algorithm (PRM) to decide the reliability of a path from the trustor to the trustee. The experiment result shows that our method is more effective than traditional methods.

Critical business applications in domains ranging from technical support to healthcare increasingly rely on large-scale, automatically constructed knowledge graphs. These applications use the results of complex queries over knowledge graphs in order to help users in taking crucial decisions such as which drug to administer, or whether certain actions are compliant with all the regulatory requirements and so on. However, these knowledge graphs constantly evolve, and the newer versions may adversely impact the results of queries that the previously taken business decisions were based on. We propose a framework based on provenance polynomials to track the impact of knowledge graph changes on arbitrary SPARQL query results. Focusing on the deletion of facts, we show how to efficiently determine the queries impacted by the change, develop ways to incrementally maintain these polynomials, and present an efficient implementation on top of RDF graph databases. Our experimental evaluation over large-scale RDF/SPARQL benchmarks show the effectiveness of our proposal.