Cybersecurity Entity Alignment via Masked Graph Attention Networks
This work addresses the challenge of integrating fragmented cybersecurity data for improved threat assessment, though the contribution is incremental: it adapts existing GNN techniques to a new domain.
The paper tackles the problem of aligning cybersecurity vulnerability entities from multiple sources by introducing CEAM, a model that uses masked graph attention networks, and shows it significantly outperforms existing methods on a new cybersecurity-specific dataset.
Cybersecurity vulnerability information is often recorded by multiple channels, including government vulnerability repositories, individually maintained vulnerability-gathering platforms, or vulnerability-disclosure email lists and forums. Integrating vulnerability information from different channels enables comprehensive threat assessment and quick deployment to various security mechanisms. Efforts to automatically gather such information, however, are impeded by the limitations of today's entity alignment techniques. In our study, we annotate the first cybersecurity-domain entity alignment dataset and reveal the unique characteristics of security entities. Based on these observations, we propose the first cybersecurity entity alignment model, CEAM, which equips GNN-based entity alignment with two mechanisms: asymmetric masked aggregation and partitioned attention. Experimental results on cybersecurity-domain entity alignment datasets demonstrate that CEAM significantly outperforms state-of-the-art entity alignment methods.