CR AI CL SE · Apr 30, 2023

Constructing a Knowledge Graph from Textual Descriptions of Software Vulnerabilities in the National Vulnerability Database

arXiv:2305.00382v2250 citations · h-index: 36
Originality: Synthesis-oriented
AI Analysis

This work addresses the need for improved knowledge graphs in cybersecurity for tasks like vulnerability assessment, though it appears incremental as it builds on existing techniques.

The authors tackled the problem of constructing a vulnerability knowledge graph from the National Vulnerability Database by combining named entity recognition, relation extraction, and entity prediction, resulting in a method that helps fix missing entities in cybersecurity knowledge graphs.

Knowledge graphs have shown promise for several cybersecurity tasks, such as vulnerability assessment and threat analysis. In this work, we present a new method for constructing a vulnerability knowledge graph from information in the National Vulnerability Database (NVD). Our approach combines named entity recognition (NER), relation extraction (RE), and entity prediction using a combination of neural models, heuristic rules, and knowledge graph embeddings. We demonstrate how our method helps to fix missing entities in knowledge graphs used for cybersecurity and evaluate the performance.
