Constructing a Knowledge Graph from Textual Descriptions of Software Vulnerabilities in the National Vulnerability Database

doi:10.48550/arXiv.2305.00382

Constructing a Knowledge Graph from Textual Descriptions of Software Vulnerabilities in the National Vulnerability Database

Knowledge graphs have shown promise for several cybersecurity tasks, such as vulnerability assessment and threat analysis. In this work, we present a new method for constructing a vulnerability knowledge graph from information in the National Vulnerability Database (NVD). Our approach combines named entity recognition (NER), relation extraction (RE), and entity prediction using a combination of neural models, heuristic rules, and knowledge graph embeddings. We demonstrate how our method helps to fix missing entities in knowledge graphs used for cybersecurity and evaluate the performance.

Publication:

arXiv e-prints

Pub Date:

April 2023

DOI:

10.48550/arXiv.2305.00382

arXiv:

arXiv:2305.00382

Bibcode:

2023arXiv230500382M

Keywords:

Computer Science - Cryptography and Security;
Computer Science - Artificial Intelligence;
Computer Science - Computation and Language;
Computer Science - Software Engineering

E-Print:

Accepted for publication in the 24th Nordic Conference on Computational Linguistics (NoDaLiDa), T\'{o}rshavn, Faroe Islands, May 22nd-24th, 2023. [v2]: added funding acknowledgments

NASA/ADS

Constructing a Knowledge Graph from Textual Descriptions of Software Vulnerabilities in the National Vulnerability Database

Abstract