Open Access
ARTICLE
Application Research on Two-Layer Threat Prediction Model Based on Event Graph
School of Computer Science, Zhongyuan University of Technology, Zhengzhou, HEN037, China
* Corresponding Author: Xinyu Su. Email:
Computers, Materials & Continua 2023, 77(3), 3993-4023. https://doi.org/10.32604/cmc.2023.044526
Received 01 August 2023; Accepted 19 October 2023; Issue published 26 December 2023
Abstract
Advanced Persistent Threat (APT) is now the most common network assault. However, the existing threat analysis models cannot simultaneously predict the macro-development trend and micro-propagation path of APT attacks. They cannot provide rapid and accurate early warning and decision responses to the present system state because they are inadequate at deducing the risk evolution rules of network threats. To address these problems, this paper first constructs the multi-source threat element analysis ontology (MTEAO) by integrating multi-source network security knowledge bases. Subsequently, based on MTEAO, we propose a two-layer threat prediction model (TL-TPM) that combines the knowledge graph and the event graph. The macro-layer of TL-TPM is based on the knowledge graph to derive the propagation path of threats among devices and to correlate threat elements for threat warning and decision-making; the micro-layer ingeniously maps the attack graph onto the event graph and derives the evolution path of attack techniques based on the event graph to improve the explainability of the evolution of threat events. The experiment’s results demonstrate that TL-TPM can completely depict the threat development trend, and the early warning results are more precise and scientific, offering knowledge and guidance for active defense.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.