Abstract
This research presents a novel approach for network security vulnerability association analysis and prediction leveraging knowledge graph technology. We construct a comprehensive vulnerability knowledge graph that captures semantic relationships between vulnerabilities, attack patterns, and affected systems by integrating data from multiple sources including NVD, CVE, and vendor security bulletins. Our methodology encompasses three complementary analysis approaches: semantic association analysis using path-based algorithms, temporal association analysis employing multi-scale time-series techniques, and attack chain association analysis through exploitation chain construction. The prediction framework combines knowledge graph embeddings, graph neural networks, and multi-modal feature fusion to forecast vulnerability exploitation with 89.2% accuracy within a 30-day window, significantly outperforming statistical baselines (71.3%) and non-knowledge graph methods (82.6%). Experimental evaluation on real-world datasets demonstrates that our semantic association analysis achieved 0.87 precision and 0.82 recall (F1: 0.84), outperforming baselines by 18.7%. Our attack chain discovery identified 76.8% of known attack chains while discovering 23 previously undocumented but plausible vectors. The system maintained 83.7% performance with 30% missing attributes, demonstrating robust adaptability to real-world challenges. In enterprise deployment, our approach identified 37 critical vulnerability associations and predicted 14 high-priority vulnerabilities, with 11 being missed by existing tools. The methodology aids in the proactive cybersecurity management in networks that are becoming increasingly complex.
References
Zhang K, Liu J. Review on the application of knowledge graph in cyber security assessment[C]//IOP Conference Series: Materials Science and Engineering. IOP Publishing, 2020, 768(5): 052103.
Liu K, Wang F, Ding Z, et al. Recent progress of using knowledge graph for cybersecurity. Electronics, 2022, 11(15): 2287.
Chen J, Lu Y, Zhang Y, et al. A management knowledge graph approach for critical infrastructure protection: Ontology design, information extraction and relation prediction. International Journal of Critical Infrastructure Protection, 2023, 43: 100634.
Zhang Y, Chen J, Cheng Z, et al. Edge propagation for link prediction in requirement-cyber threat intelligence knowledge graph. Information Sciences, 2024, 653: 119770.
Liu K, Wang F, Ding Z, et al. A review of knowledge graph application scenarios in cyber security. arXiv preprint arXiv:2204.04769, 2022.
Ismail M, Alrabaee S, Choo K K R, et al. A comprehensive evaluation of machine learning algorithms for web application attack detection with knowledge graph integration. Mobile Networks and Applications, 2024, 29(3): 1008–1037.
Zou Z, Wang B, Li F, et al. Research on Network Security Threat Analysis Method Based on Knowledge Graph[C]//2024 IEEE 7th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). IEEE, 2024, 7: 668–672.
Chen Z, Zuo X, Hou B, et al. Research on automatic vulnerability mining model based on knowledge graph. International Journal on Artificial Intelligence Tools, 2020, 29(07n08): 2040024.
Luo W. Network Security Situation Prediction Technology Based on Fusion of Knowledge Graph. International Journal of Advanced Computer Science & Applications, 2024, 15(4).
Jiao J, Li W, Guo D. The Vulnerability Relationship Prediction Research for Network Risk Assessment. Electronics, 2024, 13(17): 3350.
Wu, Q. “Network Security Maintenance and Detection Based on Diversified Features and Knowledge Graph”. Journal of Cyber Security and Mobility, 14(02), 2025, 339–364.
Zhang S, Zhao C, Wang S, et al. Attack prediction in Internet of Things using knowledge graph[C]//3rd International Conference on Internet of Things and Smart City (IoTSC 2023). SPIE, 2023, 12708: 152–164.
Almazrouei O S M B H, Magalingam P, Hasan M K, et al. A review on attack graph analysis for iot vulnerability assessment: challenges, open issues, and future directions. IEEE Access, 2023, 11: 44350–44376.
Alqahtani H, Kumar G. Deep learning-based intrusion detection system for in-vehicle networks with knowledge graph and statistical methods. International Journal of Machine Learning and Cybernetics, 2024: 1–17.
Pingle A, Piplai A, Mittal S, et al. Relext: Relation extraction using deep learning approaches for cybersecurity knowledge graph improvement[C]//Proceedings of the 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining. 2019: 879–886.
Kaiser F K, Dardik U, Elitzur A, et al. Attack hypotheses generation based on threat intelligence knowledge graph. IEEE Transactions on Dependable and Secure Computing, 2023, 20(6): 4793–4809.
Høst A M. Constructing a vulnerability knowledge graph. Norwegian University of Life Sciences, Ås, 2022.
Rastogi N, Dutta S, Christian R, et al. Information prediction using knowledge graphs for contextual malware threat intelligence. arXiv preprint arXiv:2102.05571, 2021.
Yuan L, Bai Y, Xing Z, et al. Predicting entity relations across different security databases by using graph attention network[C]//2021 IEEE 45th annual computers, software, and applications conference (COMPSAC). IEEE, 2021: 834–843.
Wang P, Liu J, Zhong X, et al. A Cybersecurity Knowledge Graph Completion Method for Penetration Testing. Electronics, 2023, 12(8): 1837.
Bhattacharya S. Knowledge Graphs for Software Security Assessments and Cyber Threat Intelligence. Norwegian University of Life Sciences, 2024.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Copyright (c) 2025 Journal of Cyber Security and Mobility