Uncovering CWE-CVE-CPE Relations with Threat Knowledge Graphs
Authors
Zhenpeng Shi, Boston University, USA; Nikolay Matyunin, Honda Research Institute Europe GmbH, Germany; Kalman Graffi, Technische Hochschule Bingen, Germany; David Starobinski, Boston University, USA
Abstract
Security assessment relies on public information about products, vulnerabilities, and weaknesses. So far, databases in these categories have rarely been analyzed in combination. Yet, doing so could help predict unreported vulnerabilities and identify common threat patterns. In this paper, we propose a methodology for producing and optimizing a knowledge graph that aggregates knowledge from common threat databases (CVE, CWE, and CPE). We apply the threat knowledge graph to predict associations between threat databases, specifically between products, vulnerabilities, and weaknesses. We evaluate the prediction performance both in closed world with associations from the knowledge graph, and in open world with associations revealed afterward. Using rank-based metrics (i.e., Mean Rank, Mean Reciprocal Rank, and Hits@N scores), we demon- strate the ability of the threat knowledge graph to uncover many associations that are currently unknown but will be revealed in the future, which remains useful over different time periods. We propose approaches to optimize the knowledge graph, and show that they indeed help in further uncovering associations.
Notes
See arXiv preprint arXiv:2305.00632 (2023). Submitted for possible journal publication. This work is associated with the “Improving Cyber Security Operations using Knowledge Graphs“ project but represents the culmination of work that started prior to that project.