Abstract
Software security knowledge involves heterogeneous security concepts (e.g., software weaknesses and attack patterns) and security instances (e.g., the vulnerabilities of a particular software product), which can be regarded as software security entities. Among software security entities there are many within-type relationships as well as many across-type relationships. Predicting software security entity relationships helps to enrich software security knowledge (e.g., by finding missing relationships among existing entities). Unfortunately, software security entities are currently documented in separate databases, such as Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE) and Common Attack Pattern Enumeration and Classification (CAPEC). This hyper-document representation cannot support effective reasoning about software security entity relationships. In this paper, we propose to consolidate heterogeneous software security concepts and instances from separate databases into a coherent knowledge graph. We develop a knowledge graph embedding method which embeds the symbolic relational and descriptive information of software security entities into a continuous vector space. The resulting entity and relationship embeddings are predictive of software security entity relationships. Based on the Open World Assumption, we conduct extensive experiments to evaluate the effectiveness of our knowledge-graph-based approach for predicting various within-type and across-type relationships of software security entities.
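As an added example that is not part of the paper, the following sketches the idea behind the abstract: consolidate CVE, CWE and CAPEC records into one set of triples, embed entities and relations so that head + relation lands near tail, and recover a missing across-type edge by ranking candidate tails. It uses a plain TransE translation scorer instead of the authors' description-aware embedding, and every identifier and edge in it is constructed.

```python
"""Toy TransE-style link prediction over a consolidated CVE/CWE/CAPEC graph."""
import random

# Constructed triples: within-type and across-type edges that would otherwise
# live in separate CVE, CWE and CAPEC records. Identifiers are made up.
TRIPLES = [
    ("CVE-A", "has_weakness", "CWE-79"),
    ("CVE-C", "has_weakness", "CWE-89"),
    ("CWE-79", "related_attack_pattern", "CAPEC-63"),
    ("CWE-89", "related_attack_pattern", "CAPEC-66"),
    ("CVE-A", "exploited_by", "CAPEC-63"),
    ("CVE-B", "exploited_by", "CAPEC-63"),
    ("CVE-C", "exploited_by", "CAPEC-66"),
    ("CVE-A", "affects", "Product-X"),
    ("CVE-B", "affects", "Product-X"),
    ("CVE-C", "affects", "Product-Y"),
]
# Deliberately absent: ("CVE-B", "has_weakness", "CWE-79"); it should be predicted.

def train_transe(triples, dim=8, margin=1.0, lr=0.05, epochs=400, seed=0):
    """Margin-based TransE (h + r ~ t) with tail corruption only, for the tail-prediction task."""
    rng = random.Random(seed)
    ents = sorted({x for h, _, t in triples for x in (h, t)})
    rels = sorted({r for _, r, _ in triples})
    def unit(v):
        n = sum(x * x for x in v) ** 0.5
        return [x / n for x in v]
    E = {e: unit([rng.uniform(-1, 1) for _ in range(dim)]) for e in ents}
    R = {r: unit([rng.uniform(-1, 1) for _ in range(dim)]) for r in rels}
    known = set(triples)
    def score(h, r, t):  # squared L2 distance of h + r from t; lower is more plausible
        return sum((E[h][i] + R[r][i] - E[t][i]) ** 2 for i in range(dim))
    for _ in range(epochs):
        for h, r, t in triples:
            t2 = rng.choice(ents)              # corrupt the tail with a random entity
            if (h, r, t2) in known:            # skip corruptions that are true triples
                continue
            if margin + score(h, r, t) - score(h, r, t2) <= 0:
                continue                        # already separated by the margin
            for i in range(dim):                # SGD step on the hinge loss
                gp = 2 * (E[h][i] + R[r][i] - E[t][i])
                gn = 2 * (E[h][i] + R[r][i] - E[t2][i])
                E[h][i] -= lr * (gp - gn); R[r][i] -= lr * (gp - gn)
                E[t][i] += lr * gp;         E[t2][i] -= lr * gn
            for e in (h, t, t2):                # keep entity vectors on the unit sphere
                E[e] = unit(E[e])
    return E, R, score

def predict_tail(score, head, rel, candidates):
    """Rank candidate tails (e.g. all CWE entities) for (head, rel, ?), best first."""
    return sorted(candidates, key=lambda t: score(head, rel, t))
```

Because CVE-B shares its attack pattern and affected product with CVE-A, its embedding ends up close to CVE-A's, so CVE-B + has_weakness lands nearer CWE-79 than CWE-89 even though that edge was never observed.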
Acknowledgement
This work is supported in part by National Natural Science Foundation of China (Nos. 61572349, 61872262).
Copyright information
© 2019 Springer Nature Switzerland AG
Cite this paper
Xiao, H., Xing, Z., Li, X., Guo, H. (2019). Embedding and Predicting Software Security Entity Relationships: A Knowledge Graph Based Approach. In: Gedeon, T., Wong, K., Lee, M. (eds) Neural Information Processing. ICONIP 2019. Lecture Notes in Computer Science, vol 11955. Springer, Cham. https://doi.org/10.1007/978-3-030-36718-3_5
DOI: https://doi.org/10.1007/978-3-030-36718-3_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-36717-6
Online ISBN: 978-3-030-36718-3
eBook Packages: Computer Science, Computer Science (R0)