Application Research on Two-Layer Threat Prediction Model Based on Event Graph

作     者：Shuqin Zhang Xinyu Su Yunfei Han Tianhui Du Peiyu Shi 

作者机构：School of Computer ScienceZhongyuan University of TechnologyZhengzhouHEN037China 

出 版 物：《Computers, Materials & Continua》 (计算机、材料和连续体（英文）)

年 卷 期：2023年第77卷第12期

页      面：3993-4023页

核心收录：

学科分类：07[理学] 0701[理学-数学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

主　　题：Knowledge graph multi-source data fusion network security threat modeling event graph absorbing Markov chain threat propagation path 

摘      要：Advanced Persistent Threat(APT)is now the most common network assault.However,the existing threat analysis models cannot simultaneously predict the macro-development trend and micro-propagation path of APT attacks.They cannot provide rapid and accurate early warning and decision responses to the present system state because they are inadequate at deducing the risk evolution rules of network threats.To address the above problems,firstly,this paper constructs the multi-source threat element analysis ontology(MTEAO)by integrating multi-source network security knowledge bases.Subsequently,based on MTEAO,we propose a two-layer threat prediction model(TL-TPM)that combines the knowledge graph and the event graph.The macro-layer of TL-TPM is based on the knowledge graph to derive the propagation path of threats among devices and to correlate threat elements for threat warning and decision-making;The micro-layer ingeniously maps the attack graph onto the event graph and derives the evolution path of attack techniques based on the event graph to improve the explainability of the evolution of threat events.The experiment’s results demonstrate that TL-TPM can completely depict the threat development trend,and the early warning results are more precise and scientific,offering knowledge and guidance for active defense.