Abstract
6G-oriented network intelligence needs the support of knowledge from inside and outside the network. CAPEC and CWE are network security databases targeting attack patterns and weaknesses respectively, which are relatively complete knowledge from outside the network. Constructing the important entities and relationships in CAPEC and CWE as knowledge graphs is conducive to comprehensively grasping the strategies and behaviors of certain attacks, thus providing a supplement for network internal knowledge and guidance for attack prediction and network situational awareness. Therefore, this paper analyzes the content and organizational structure of CAPEC and CWE, and proposes a method to construct cyber-attack knowledge graph based on CAPEC and CWE, which is implemented in the graph database Neo4j. This paper also introduces the application of the knowledge graph in DDoS flood attack and multi-stage attack.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Liu, G., et al.: Vision, requirements and network architecture of 6G mobile network beyond 2030. China Communications 17(9), 92–104 (2020)
Yang, H., Alphones, A., Xiong, Z., Niyato, D., Zhao, J., Kaishun, W.: Artificial-intelligence-enabled intelligent 6G networks. IEEE Network 34(6), 272–280 (2020)
Mitre. Common attack pattern enumeration and classification (2021). https://capec.mitre.org/
Mitre. Common weakness enumeration (2021). https://cwe.mitre.org/
Nickel, M., Murphy, K., Tresp, V., Gabrilovich, E.: A review of relational machine learning for knowledge graphs. Proc. IEEE 104(1), 11–33 (2016)
Kim, H.: 5G core network security issues and attack classification from network protocol perspective. J. Internet Serv. Inf. Secur. 10(2), 1–15 (2020)
Abhishta, A., van Heeswijk, W., Junger, M., Nieuwenhuis, L.J.M., Joosten, R.: Why would we get attacked? an analysis of attacker’s aims behind DDos attacks. J. Wirel. Mob. Netw. Ubiquit. Comput. Dependable Appl. 11(2), 3–22 (2020)
Jia, Y., Qi, Y., Shang, H., Jiang, R., Li, A.: A practical approach to constructing a knowledge graph for cybersecurity. Engineering 4(1), 53–60 (2018)
Piplai, A., Mittal, S., Joshi, A., Finin, T., Holt, J., Zak, R.: Creating cybersecurity knowledge graphs from malware after action reports. IEEE Access 8, 211691–211703 (2020)
Pingle, A., Piplai, A., Mittal, S., Joshi, A., Holt, J., Zak, R.: Relext: relation extraction using deep learning approaches for cybersecurity knowledge graph improvement. In: 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), pp. 879–886 (2019)
Hooi, E.K.J., Zainal, A., Maarof, M.A., Kassim, M.N.: TAGraph: knowledge graph of threat actor. In: 2019 International Conference on Cybersecurity (ICoCSec), pp. 76–80 (2019)
Li, T., Paja, E., Mylopoulos, J., Horkoff, J., Beckers, K.: Security attack analysis using attack patterns. In: 2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS), pp. 1–13 (2016)
Kotenko, I., Doynikova, E.: The CAPEC based generator of attack scenarios for network security evaluation. In: 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), vol. 1, pp. 436–441 (2015)
Du, Y., Lu, Y.: A weakness relevance evaluation method based on PageRank. In: 2019 IEEE Fourth International Conference on Data Science in Cyberspace (DSC), pp. 422–427 (2019)
Syed, Z., Padia, A., Finin, T., Mathews, L., Joshi, A.: UCO: a unified cybersecurity ontology. In: AAAI Workshop on Artificial Intelligence for Cyber Security (2016)
Ansarinia, M., Asghari, S.A., Souzani, A., Ghaznavi, A.: Ontology-based modeling of DDoS attacks for attack plan detection. In: 6th International Symposium on Telecommunications (IST), pp. 993–998 (2012)
Kiesling, E., Ekelhart, A., Kurniawan, K., Ekaputra, F.: The SEPSES knowledge graph: an integrated resource for cybersecurity. In: Ghidini, C., et al. (eds.) ISWC 2019. LNCS, vol. 11779, pp. 198–214. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30796-7_13
Hutchins, E., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains (2010)
Strom, B.E., Applebaum, A., Miller, D.P., Nickels, K.C., Pennington, A.G., Thomas, C.B.: Mitre att&ck: Design and philosophy. In: The MITRE Corporation, Tech Rep: MP180360 (2020)
Neo4j. Documentation (2021). https://neo4j.com/docs/
Acknowledgement
This paper is supported by National Key R&D Program of China under Grant No. 2018YFA0701604.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Wang, W., Zhou, H., Li, K., Tu, Z., Liu, F. (2022). Cyber-Attack Behavior Knowledge Graph Based on CAPEC and CWE Towards 6G. In: You, I., Kim, H., Youn, TY., Palmieri, F., Kotenko, I. (eds) Mobile Internet Security. MobiSec 2021. Communications in Computer and Information Science, vol 1544. Springer, Singapore. https://doi.org/10.1007/978-981-16-9576-6_24
Download citation
DOI: https://doi.org/10.1007/978-981-16-9576-6_24
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-9575-9
Online ISBN: 978-981-16-9576-6
eBook Packages: Computer ScienceComputer Science (R0)