Journal of Computer Applications ›› 2025, Vol. 45 ›› Issue (1): 24-31.DOI: 10.11772/j.issn.1001-9081.2024010136

• Artificial intelligence • Previous Articles     Next Articles

Potential relation mining in internet of things threat intelligence knowledge graph

Zidong CHENG1, Peng LI1,2(), Feng ZHU1   

  1. 1.School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing Jiangsu 210023,China
    2.Institute of Network Security and Trusted Computing,Nanjing University of Posts and Telecommunications,Nanjing Jiangsu 210023,China
  • Received:2024-02-06 Revised:2024-03-27 Accepted:2024-03-27 Online:2024-05-09 Published:2025-01-10
  • Contact: Peng LI
  • About author:CHENG Zidong, born in 1998, M. S. candidate. His research interests include internet of things security, knowledge graph construction.
    ZHU Feng, born in 1987, Ph. D., lecturer. His research interests include wireless sensor network, information security.
  • Supported by:
    National Natural Science Foundation of China(62102194);“Six Talent Peaks” High-Level Talents Project of Jiangsu Province(RJFW-111)

物联网威胁情报知识图谱中潜在关系的挖掘

程子栋1, 李鹏1,2(), 朱枫1   

  1. 1.南京邮电大学 计算机学院、软件学院、网络空间安全学院,南京 210023
    2.南京邮电大学 网络安全与可信计算研究所,南京 210023
  • 通讯作者: 李鹏
  • 作者简介:程子栋(1998—),男,安徽滁州人,硕士研究生,主要研究方向:物联网安全、知识图谱构建;
    朱枫(1987—),男,安徽合肥人,讲师,博士,主要研究方向:无线传感器网络、信息安全。
  • 基金资助:
    国家自然科学基金资助项目(62102194);江苏省“六大人才高峰”高层次人才项目(RJFW-111)

Abstract:

Knowledge graph plays a crucial role in the sharing and utilization of Internet of Things Threat Intelligence (ITI). Graph Neural Network (GNN) can be applied to tasks of knowledge representation in ITI Knowledge Graph (ITIKG), thereby mining potential relations in ITIKG. However, most existing GNNs fail to consider the influence of node types on node representation capability and employ random sampling strategies for node sampling during node information aggregation, leading to an inability to distinguish neighbors at different distances and a lack of consideration for correlations among or importance of nodes. To address these issues, firstly ITIKG was constructed on the basis of various data sources. Subsequently, a deterministic sampling method was designed to sample the neighbors of root node based on node importance, and consider the distance between neighbors and root node, as well as the centrality measurement of neighbors in the graph, namely Katz centrality and betweenness centrality. Finally, embedding and aggregation methods of node, node modality, and node type were devised. On this basis, a Deterministic Multimodal Heterogeneous Graph Neural Network (DM-HGNN) model was proposed. Experimental results on link prediction in the constructed ITIKG demonstrate that the performance of DM-HGNN model is better than that of knowledge representation models such as metapath2vec, Multi-modal Knowledge Graph Representation Learning (MMKRL), and Complex Graph Convolutional Network (ComplexGCN). Compared to the suboptimal model MMKRL, DM-HGNN model exhibits an improvement of 6.8% in Area Under the Curve (AUC) and 7.1% in F1-score, indicating the effectiveness and advancement of DM-HGNN model in link prediction tasks.

Key words: Internet of Things (IoT) security, threat intelligence, knowledge graph, Graph Neural Network (GNN), knowledge representation, link prediction

摘要:

知识图谱对实现物联网威胁情报(ITI)的共享与利用具有重要意义,图神经网络(GNN)可以应用于ITI知识图谱(ITIKG)的知识表示任务,进而挖掘ITIKG的潜在关系;然而,当前大多数GNN没有考虑节点类型对节点表示能力的影响,且在节点信息聚合过程中使用随机策略进行节点采样,导致这些GNN不能区分不同距离的邻居,且没有考虑节点之间的关联性或重要性。为了解决这些问题,首先,基于不同数据源构建ITIKG;然后,设计确定性采样方法,从而基于节点的重要性采样根节点的邻居,并且考虑邻居距根节点的距离以及邻居在图中的中心性度量,即Katz中心性和中介中心性;最后,设计节点、节点模态和节点类型的嵌入和聚合方法。在此基础上,提出基于确定性采样的多模态异构图神经网络(DM-HGNN)模型。在所构建的ITIKG上的链接预测实验的结果表明,DM-HGNN模型的性能优于metapath2vec、多模态知识图谱表示学习模型(MMKRL)以及复杂图卷积网络(ComplexGCN)等知识表示模型,相较于次优模型MMKRL,DM-HGNN模型在曲线下面积(AUC)上提高了6.8%,在F1值上提高了7.1%,展示了DM-HGNN模型在链接预测任务上有效性和先进性。

关键词: 物联网安全, 威胁情报, 知识图谱, 图神经网络, 知识表示, 链接预测

CLC Number: