Open Access
ARTICLE
Threat Modeling and Application Research Based on Multi-Source Attack and Defense Knowledge
School of Computer Science, Zhongyuan University of Technology, Zhengzhou, China
* Corresponding Author: Xinyu Su. Email:
(This article belongs to the Special Issue: Transforming from Data to Knowledge and Applications in Intelligent Systems)
Computers, Materials & Continua 2023, 77(1), 349-377. https://doi.org/10.32604/cmc.2023.040964
Received 06 April 2023; Accepted 25 July 2023; Issue published 31 October 2023
Abstract
Cyber Threat Intelligence (CTI) is a valuable resource for cybersecurity defense, but it also poses challenges due to its multi-source and heterogeneous nature. Security personnel may be unable to use CTI effectively to understand the condition and trend of a cyberattack and respond promptly. To address these challenges, we propose a novel approach that consists of three steps. First, we construct the attack and defense analysis of the cybersecurity ontology (ADACO) model by integrating multiple cybersecurity databases. Second, we develop the threat evolution prediction algorithm (TEPA), which can automatically detect threats at device nodes, correlate and map multi-source threat information, and dynamically infer the threat evolution process. TEPA leverages knowledge graphs to represent comprehensive threat scenarios and achieves better performance in simulated experiments by combining structural and textual features of entities. Third, we design the intelligent defense decision algorithm (IDDA), which can provide intelligent recommendations for security personnel regarding the most suitable defense techniques. IDDA outperforms the baseline methods in the comparative experiment.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.