Automatic Analysis and Reasoning Based on Vulnerability Knowledge Graph

Abstract

In the security community, it is valuable to extract and store the vulnerability knowledge. Many data sources record vulnerability in unstructured data and semi-structured data which are hard for machine-understanding and reuse. Security expert need to analyze the description, link to related knowledge and reason out the hidden connection among various weakness. It is necessary to analyze the vulnerability data automatically and manage knowledge in a more intelligent method. In this paper, we propose a model for automatic analysis and reasoning based on the vulnerability knowledge graph. The vulnerability knowledge graph is extracted from several widely used vulnerability databases and stored in the graph database. Natural language processing technique is used to process and analyze the latest vulnerability description. The extracted entity will be linked to the vulnerability knowledge graph and added as new knowledge. Reasoning function can find hidden relationships among weaknesses based on the knowledge graph. Finally, we present sample cases to demonstrate the practical usage of the model.