Potential relation mining in internet of things threat intelligence knowledge graph

doi:10.11772/j.issn.1001-9081.2024010136

Journal of Computer Applications ›› 2025, Vol. 45 ›› Issue (1): 24-31.DOI: 10.11772/j.issn.1001-9081.2024010136

• Artificial intelligence • Previous Articles Next Articles

Potential relation mining in internet of things threat intelligence knowledge graph

Zidong CHENG¹, Peng LI¹^,²(), Feng ZHU¹

^1.School of Computer Science，Nanjing University of Posts and Telecommunications，Nanjing Jiangsu 210023，China
^2.Institute of Network Security and Trusted Computing，Nanjing University of Posts and Telecommunications，Nanjing Jiangsu 210023，China

Received:2024-02-06 Revised:2024-03-27 Accepted:2024-03-27 Online:2024-05-09 Published:2025-01-10
Contact: Peng LI
About author:CHENG Zidong， born in 1998， M. S. candidate. His research interests include internet of things security， knowledge graph construction.
ZHU Feng， born in 1987， Ph. D.， lecturer. His research interests include wireless sensor network， information security.
Supported by:
National Natural Science Foundation of China(62102194);“Six Talent Peaks” High-Level Talents Project of Jiangsu Province(RJFW-111)

物联网威胁情报知识图谱中潜在关系的挖掘

程子栋¹, 李鹏¹^,²(), 朱枫¹

^1.南京邮电大学计算机学院、软件学院、网络空间安全学院，南京 210023
^2.南京邮电大学网络安全与可信计算研究所，南京 210023

通讯作者: 李鹏
作者简介:程子栋（1998—），男，安徽滁州人，硕士研究生，主要研究方向：物联网安全、知识图谱构建；
朱枫（1987—），男，安徽合肥人，讲师，博士，主要研究方向：无线传感器网络、信息安全。
基金资助:
国家自然科学基金资助项目(62102194);江苏省“六大人才高峰”高层次人才项目(RJFW-111)

Abstract

Abstract:

Knowledge graph plays a crucial role in the sharing and utilization of Internet of Things Threat Intelligence （ITI）. Graph Neural Network （GNN） can be applied to tasks of knowledge representation in ITI Knowledge Graph （ITIKG）， thereby mining potential relations in ITIKG. However， most existing GNNs fail to consider the influence of node types on node representation capability and employ random sampling strategies for node sampling during node information aggregation， leading to an inability to distinguish neighbors at different distances and a lack of consideration for correlations among or importance of nodes. To address these issues， firstly ITIKG was constructed on the basis of various data sources. Subsequently， a deterministic sampling method was designed to sample the neighbors of root node based on node importance， and consider the distance between neighbors and root node， as well as the centrality measurement of neighbors in the graph， namely Katz centrality and betweenness centrality. Finally， embedding and aggregation methods of node， node modality， and node type were devised. On this basis， a Deterministic Multimodal Heterogeneous Graph Neural Network （DM-HGNN） model was proposed. Experimental results on link prediction in the constructed ITIKG demonstrate that the performance of DM-HGNN model is better than that of knowledge representation models such as metapath2vec， Multi-modal Knowledge Graph Representation Learning （MMKRL）， and Complex Graph Convolutional Network （ComplexGCN）. Compared to the suboptimal model MMKRL， DM-HGNN model exhibits an improvement of 6.8% in Area Under the Curve （AUC） and 7.1% in F1-score， indicating the effectiveness and advancement of DM-HGNN model in link prediction tasks.

Key words: Internet of Things (IoT) security, threat intelligence, knowledge graph, Graph Neural Network (GNN), knowledge representation, link prediction

摘要：

知识图谱对实现物联网威胁情报（ITI）的共享与利用具有重要意义，图神经网络（GNN）可以应用于ITI知识图谱（ITIKG）的知识表示任务，进而挖掘ITIKG的潜在关系；然而，当前大多数GNN没有考虑节点类型对节点表示能力的影响，且在节点信息聚合过程中使用随机策略进行节点采样，导致这些GNN不能区分不同距离的邻居，且没有考虑节点之间的关联性或重要性。为了解决这些问题，首先，基于不同数据源构建ITIKG；然后，设计确定性采样方法，从而基于节点的重要性采样根节点的邻居，并且考虑邻居距根节点的距离以及邻居在图中的中心性度量，即Katz中心性和中介中心性；最后，设计节点、节点模态和节点类型的嵌入和聚合方法。在此基础上，提出基于确定性采样的多模态异构图神经网络（DM-HGNN）模型。在所构建的ITIKG上的链接预测实验的结果表明，DM-HGNN模型的性能优于metapath2vec、多模态知识图谱表示学习模型（MMKRL）以及复杂图卷积网络（ComplexGCN）等知识表示模型，相较于次优模型MMKRL，DM-HGNN模型在曲线下面积（AUC）上提高了6.8%，在F1值上提高了7.1%，展示了DM-HGNN模型在链接预测任务上有效性和先进性。

关键词: 物联网安全, 威胁情报, 知识图谱, 图神经网络, 知识表示, 链接预测

CLC Number:

TP181

Zidong CHENG, Peng LI, Feng ZHU. Potential relation mining in internet of things threat intelligence knowledge graph[J]. Journal of Computer Applications, 2025, 45(1): 24-31.

程子栋, 李鹏, 朱枫. 物联网威胁情报知识图谱中潜在关系的挖掘[J]. 《计算机应用》唯一官方网站, 2025, 45(1): 24-31.

Figures/Tables 9

References 30

1	官赛萍，靳小龙，贾岩涛，等.面向知识图谱的知识推理研究进展［J］.软件学报， 2018， 29（10）： 2966-2994.
	GUAN S P， JIN X L， JIA Y T， et al. Knowledge reasoning over knowledge graph： a survey ［J］. Journal of Software， 2018， 29（10）： 2966-2994.
2	FANG Y， LU W， LIU X， et al. CircularE： a complex space circular correlation relational model for link prediction in knowledge graph embedding ［J］. IEEE/ACM Transactions on Audio， Speech， and Language Processing， 2023， 31： 3162-3175.
3	LI M， WANG Y， ZHANG D， et al. Link prediction in knowledge graphs： a hierarchy-constrained approach ［J］. IEEE Transactions on Big Data， 2022， 8（3）： 630-643.
4	WANG J， WANG B， GAO J， et al. TDN： triplet distributor network for knowledge graph completion ［J］. IEEE Transactions on Knowledge and Data Engineering， 2023， 35（12）： 13002-13014.
5	LU X， WANG L， JIANG Z， et al. MMKRL： a robust embedding approach for multi-modal knowledge graph representation learning ［J］. Applied Intelligence， 2022， 52（7）： 7480-7497.
6	DONG Y， CHAWLA N V， SWAMI A. metapath2vec： scalable representation learning for heterogeneous networks ［C］// Proceedings of the 23rd ACM SIGKDD International Conference on knowledge Discovery and Data Mining. New York： ACM， 2017： 135-144.
7	KIPF T N， WELLING M. Semi-supervised classification with graph convolutional networks ［EB/OL］. ［2023-09-20］. .
8	VELIČKOVIĆ P， CUCURULL G， CASANOVA A， et al. Graph attention networks ［EB/OL］. ［2023-10-20］. .
9	HAMILTON W L， YING Z， LESKOVEC J. Inductive representation learning on large graphs ［C］// Proceedings of the 31st International Conference on Neural Information Processing Systems. Red Hook： Curran Associates Inc.， 2017： 1025-1035.
10	HOCHREITER S， SCHMIDHUBER J. Long short-term memory ［J］. Neural Computation， 1997， 9（8）： 1735-1780.
11	SCHLICHTKRULL M， KIPF T N， BLOEM P， et al. Modeling relational data with graph convolutional networks ［C］// Proceedings of the 2018 European Semantic Web Conference， LNCS 10843. Cham： Springer， 2018： 593-607.
12	ZHANG C， SONG D， HUANG C， et al. Heterogeneous graph neural network ［C］// Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York： ACM， 2019： 793-803.
13	ZEB A， SAIF S， CHEN J， et al. Complex graph convolutional network for link prediction in knowledge graphs ［J］. Expert Systems with Applications， 2022， 200： No.116796.
14	YANG J， YANG L T， WANG H， et al. Tensor graph attention network for knowledge reasoning in Internet of Things ［J］. IEEE Internet of Things Journal， 2022， 9（12）： 9128-9137.
15	YU L， SUN L， DU B， et al. Heterogeneous graph representation learning with relation awareness ［J］. IEEE Transactions on Knowledge and Data Engineering， 2023， 35（6）： 5935-5947.
16	YUAN L， BAI Y， XING Z， et al. Predicting entity relations across different security databases by using graph attention network ［C］// IEEE 45th Annual Computers， Software， and Applications Conference. Piscataway： IEEE， 2021： 834-843.
17	ANSARIZADEH F， TAY D B， THIRUVADY D， et al. Deterministic sampling in heterogeneous graph neural networks ［J］. Pattern Recognition Letters， 2023， 172： 74-81.
18	KATZ L. A new status index derived from sociometric analysis ［J］. Psychometrika， 1953， 18（1）： 39-43.
19	FREEMAN L C. A set of measures of centrality based on betweenness ［J］. Sociometry， 1977， 40（1）： 35-41.
20	NIST Computer Security Division， Information Technology Laboratory. National vulnerability database ［DB/OL］. ［2023-05-08］. .
21	MITRE. Common weakness enumeration ［DB/OL］. ［2023-05-08］. .
22	MITRE. Adversarial tactics， techniques， and common knowledge ［DB/OL］. ［2023-05-08］. .
23	MITRE. Common vulnerabilities and exposures ［EB/OL］. ［2023-05-08］. .
24	MITRE. Common attack pattern enumerations and classifications ［EB/OL］. ［2023-05-18］. .
25	MITRE. Structured Threat Information eXpression — STIX［EB/OL］. ［2023-05-08］. .
26	SOLÁ L， ROMANCE M， CRIADO R， et al. Eigenvector centrality of nodes in multiplex networks ［J］. Chaos， 2013， 23（3）： No.033131.
27	MA N， GUAN J， ZHAO Y. Bringing PageRank to the citation analysis ［J］. Information Processing and Management， 2008， 44 （2）： 800-810.
28	GROVER A， LESKOVEC J. node2vec： scalable feature learning for networks ［C］// Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York： ACM， 2016： 855-864.
29	DEVLIN J， CHANG M W， LEE K， et al. BERT： pre-training of deep bidirectional transformers for language understanding ［C］// Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics： Human Language Technologies， Volume 1（Long and Short Papers）. Stroudsburg： ACL， 2019： 4171-4186.
30	PEROZZI B， AL-RFOU R， SKIENA S. DeepWalk： online learning of social representations ［C］// Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York： ACM， 2014： 701-710.

节点/关系类型	节点/关系数
节点/关系类型	训练集	测试集
设备	1 085	465
软件	3 640	1 561
操作系统	853	366
工具	56	24
弱点	95	40
漏洞	2 584	1 107
威胁执行者	95	40
攻击模式	391	168
恶意软件	379	163
威胁活动	219	94
缓解措施	675	289
指示器	598	256
has	6 295	2 698
target	5 694	2 440
use	5 782	2 478
exploit	8 497	3 641
related-to	5 178	2 219

节点/关系类型	节点/关系数
节点/关系类型	训练集	测试集
设备	1 085	465
软件	3 640	1 561
操作系统	853	366
工具	56	24
弱点	95	40
漏洞	2 584	1 107
威胁执行者	95	40
攻击模式	391	168
恶意软件	379	163
威胁活动	219	94
缓解措施	675	289
指示器	598	256
has	6 295	2 698
target	5 694	2 440
use	5 782	2 478
exploit	8 497	3 641
related-to	5 178	2 219

模型	has		target		use		exploit		related-to		所有关系
模型	AUC	F1	AUC	F1	AUC	F1	AUC	F1	AUC	F1	AUC	F1
text-enhanced GAT	0.732	0.715	0.678	0.603	0.742	0.713	0.694	0.655	0.761	0.761	0.721	0.689
HetGNN	0.767	0.744	0.736	0.711	0.772	0.739	0.727	0.699	0.767	0.764	0.754	0.731
metapath2vec	0.712	0.677	0.701	0.595	0.737	0.690	0.744	0.694	0.788	0.780	0.736	0.687
MMKRL	0.779	0.736	0.746	0.726	0.788	0.759	0.775	0.756	0.792	0.786	0.776	0.753
ComplexGCN	0.762	0.751	0.729	0.712	0.784	0.758	0.715	0.708	0.776	0.769	0.753	0.740
DM-HGNN	0.829	0.811	0.835	0.806	0.824	0.801	0.825	0.803	0.834	0.816	0.829	0.807

模型	has		target		use		exploit		related-to		所有关系
模型	AUC	F1	AUC	F1	AUC	F1	AUC	F1	AUC	F1	AUC	F1
text-enhanced GAT	0.732	0.715	0.678	0.603	0.742	0.713	0.694	0.655	0.761	0.761	0.721	0.689
HetGNN	0.767	0.744	0.736	0.711	0.772	0.739	0.727	0.699	0.767	0.764	0.754	0.731
metapath2vec	0.712	0.677	0.701	0.595	0.737	0.690	0.744	0.694	0.788	0.780	0.736	0.687
MMKRL	0.779	0.736	0.746	0.726	0.788	0.759	0.775	0.756	0.792	0.786	0.776	0.753
ComplexGCN	0.762	0.751	0.729	0.712	0.784	0.758	0.715	0.708	0.776	0.769	0.753	0.740
DM-HGNN	0.829	0.811	0.835	0.806	0.824	0.801	0.825	0.803	0.834	0.816	0.829	0.807

[1]	Xueqiang LYU, Tao WANG, Xindong YOU, Ge XU. HTLR： named entity recognition framework with hierarchical fusion of multi-knowledge [J]. Journal of Computer Applications, 2025, 45(1): 40-47.
[2]	Rui LI, Guanfeng LI, Dezhou HU, Wenxin GAO. Knowledge graph multi-hop reasoning model fusing path and subgraph features [J]. Journal of Computer Applications, 2025, 45(1): 32-39.
[3]	Wenbo ZHAO, Zitong MA, Zhe YANG. Link prediction model based on directed hypergraph adaptive convolution [J]. Journal of Computer Applications, 2025, 45(1): 15-23.
[4]	Tingjie TANG, Jiajin HUANG, Jin QIN. Session-based recommendation with graph auxiliary learning [J]. Journal of Computer Applications, 2024, 44(9): 2711-2718.
[5]	Guixiang XUE, Hui WANG, Weifeng ZHOU, Yu LIU, Yan LI. Port traffic flow prediction based on knowledge graph and spatio-temporal diffusion graph convolutional network [J]. Journal of Computer Applications, 2024, 44(9): 2952-2957.
[6]	Jie WU, Ansi ZHANG, Maodong WU, Yizong ZHANG, Congbao WANG. Overview of research and application of knowledge graph in equipment fault diagnosis [J]. Journal of Computer Applications, 2024, 44(9): 2651-2659.
[7]	Yubo ZHAO, Liping ZHANG, Sheng YAN, Min HOU, Mao GAO. Relation extraction between discipline knowledge entities based on improved piecewise convolutional neural network and knowledge distillation [J]. Journal of Computer Applications, 2024, 44(8): 2421-2429.
[8]	Jianjing LI, Guanfeng LI, Feizhou QIN, Weijun LI. Multi-relation approximate reasoning model based on uncertain knowledge graph embedding [J]. Journal of Computer Applications, 2024, 44(6): 1751-1759.
[9]	Youren YU, Yangsen ZHANG, Yuru JIANG, Gaijuan HUANG. Chinese named entity recognition model incorporating multi-granularity linguistic knowledge and hierarchical information [J]. Journal of Computer Applications, 2024, 44(6): 1706-1712.
[10]	Xinrui LIN, Xiaofei WANG, Yan ZHU. Academic anomaly citation group detection based on local extended community detection [J]. Journal of Computer Applications, 2024, 44(6): 1855-1861.
[11]	Jie GUO, Jiayu LIN, Zuhong LIANG, Xiaobo LUO, Haitao SUN. Recommendation method based on knowledge‑awareness and cross-level contrastive learning [J]. Journal of Computer Applications, 2024, 44(4): 1121-1127.
[12]	Xiaoyan ZHAO, Yan KUANG, Menghan WANG, Peiyan YUAN. Device-to-device content sharing mechanism based on knowledge graph [J]. Journal of Computer Applications, 2024, 44(4): 995-1001.
[13]	Dapeng XU, Xinmin HOU. Feature selection method for graph neural network based on network architecture design [J]. Journal of Computer Applications, 2024, 44(3): 663-670.
[14]	Linqin WANG, Te ZHANG, Zhihong XU, Yongfeng DONG, Guowei YANG. Fusing entity semantic and structural information for knowledge graph reasoning [J]. Journal of Computer Applications, 2024, 44(11): 3371-3378.
[15]	Wenjuan JIANG, Yi GUO, Jiaojiao FU. Reasoning question answering model of complex temporal knowledge graph with graph attention [J]. Journal of Computer Applications, 2024, 44(10): 3047-3057.

Potential relation mining in internet of things threat intelligence knowledge graph

物联网威胁情报知识图谱中潜在关系的挖掘

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 30

Related Articles 15

Recommended Articles

Metrics