Research on Knowledge Graph Model for Cybersecurity Logs Based on Ontology and Classified Protection

Abstract

In order to audit and analyse cybersecurity events from massive logs, the knowledge graph model for cybersecurity logs is proposed. The data layer and the pattern layer of the knowledge graph model for cybersecurity logs is obtained based on ontology and classified protection. Entity classification of cybersecurity logs is extracted by using classified protection standards in the data layer of the knowledge graph. The relationship and attribute of ontology from cybersecurity logs is defined. The pattern layer of the knowledge graph model for cybersecurity logs is defined, classified protection data is integrated in entity alignment, and classified protection information gain is used in ontology construction. The structure of the knowledge graph for cybersecurity logs is given. So that the efficient association and deep mining analysis of cybersecurity logs are realized, and it can be directly analysed and processed on the data without the need for precise modelling of the problem. The efficiency of logs analysis is improved. The model has heuristic characteristics and generalization abstract ability, and the model is suitable for big data analysis of large-scale cybersecurity logs.