
Embedding and Predicting Software Security Entity Relationships: A Knowledge Graph Based Approach

  • Conference paper
  • Neural Information Processing (ICONIP 2019)
  • Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 11955)

Abstract

Software security knowledge involves heterogeneous security concepts (e.g., software weaknesses and attack patterns) and security instances (e.g., the vulnerabilities of a particular software product), which can be regarded as software security entities. Among software security entities there are many within-type relationships as well as many across-type relationships. Predicting software security entity relationships helps to enrich software security knowledge (e.g., by finding missing relationships among existing entities). Unfortunately, software security entities are currently documented in separate databases, such as Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE) and Common Attack Pattern Enumeration and Classification (CAPEC). This hyper-document representation cannot support effective reasoning about software security entity relationships. In this paper, we propose to consolidate heterogeneous software security concepts and instances from separate databases into a coherent knowledge graph. We develop a knowledge graph embedding method which embeds the symbolic relational and descriptive information of software security entities into a continuous vector space. The resulting entity and relationship embeddings are predictive for software security entity relationships. Based on the Open World Assumption, we conduct extensive experiments to evaluate the effectiveness of our knowledge graph based approach for predicting various within-type and across-type relationships of software security entities.
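As an added illustration of the kind of link prediction the abstract describes (this is not the paper's code, and the authors' exact model is not given here), the block below trains a minimal TransE-style translation embedding (Bordes et al.'s "h + r ≈ t" model) over a constructed CVE/CWE/CAPEC knowledge graph and then ranks candidate tails for a query such as (CVE, has_weakness, ?). Every entity id, triple, relation name and hyperparameter is a constructed placeholder, not a real CVE/CWE/CAPEC record.

```python
import random

# Constructed toy knowledge graph: entity ids are placeholders, not real CVE/CWE/CAPEC records.
# Relations mirror within-type (CWE child_of CWE) and across-type (CVE/CAPEC -> CWE) links.
TRIPLES = [
    ("CVE-x1", "has_weakness", "CWE-a"), ("CVE-x2", "has_weakness", "CWE-a"),
    ("CVE-x3", "has_weakness", "CWE-b"), ("CVE-x4", "has_weakness", "CWE-c"),
    ("CWE-a", "child_of", "CWE-p"), ("CWE-b", "child_of", "CWE-p"),
    ("CWE-c", "child_of", "CWE-q"), ("CAPEC-m", "targets", "CWE-a"),
    ("CAPEC-n", "targets", "CWE-b"), ("CAPEC-o", "targets", "CWE-c"),
]
ENTITIES = sorted({e for h, _, t in TRIPLES for e in (h, t)})
RELATIONS = sorted({r for _, r, _ in TRIPLES})
DIM, MARGIN, LR = 8, 1.0, 0.02  # assumed hyperparameters for the toy graph

def init_embeddings(seed=0):
    """Random vectors for every entity and relation, plus the RNG used for negative sampling."""
    rng = random.Random(seed)
    return {n: [rng.uniform(-1, 1) for _ in range(DIM)] for n in ENTITIES + RELATIONS}, rng

def score(emb, h, r, t):
    """TransE distance ||h + r - t||^2; smaller means the triple is more plausible."""
    return sum((a + b - c) ** 2 for a, b, c in zip(emb[h], emb[r], emb[t]))

def hinge_loss(emb):
    """Deterministic margin loss against every corrupted tail that is not itself a known fact."""
    total = 0.0
    for h, r, t in TRIPLES:
        known = {tt for hh, rr, tt in TRIPLES if (hh, rr) == (h, r)}
        for neg in (e for e in ENTITIES if e not in known):
            total += max(0.0, MARGIN + score(emb, h, r, t) - score(emb, h, r, neg))
    return total

def train(epochs=300, seed=0):
    """Margin-ranking SGD, one randomly corrupted tail per triple (entity renormalisation omitted)."""
    emb, rng = init_embeddings(seed)
    for _ in range(epochs):
        for h, r, t in TRIPLES:
            neg = rng.choice([e for e in ENTITIES if e not in (h, t)])
            if MARGIN + score(emb, h, r, t) - score(emb, h, r, neg) <= 0:
                continue  # already separated from this negative by the margin
            for i in range(DIM):
                g_pos = 2 * (emb[h][i] + emb[r][i] - emb[t][i])
                g_neg = 2 * (emb[h][i] + emb[r][i] - emb[neg][i])
                emb[h][i] -= LR * (g_pos - g_neg)  # gradient of (d_pos - d_neg) w.r.t. h and r
                emb[r][i] -= LR * (g_pos - g_neg)
                emb[t][i] += LR * g_pos            # pull the true tail towards h + r
                emb[neg][i] -= LR * g_neg          # push the corrupted tail away
    return emb

def predict_tail(emb, h, r, k=3):
    """Link prediction for (h, r, ?): candidate tails from most to least plausible."""
    return sorted(ENTITIES, key=lambda e: score(emb, h, r, e))[:k]
```

Note that child_of is a many-to-one relation, which a pure translation model fits poorly (the motivation for the TransH variant), and that the paper additionally embeds each entity's textual description, which this toy omits; under the Open World Assumption a low-ranked but unseen tail is merely unknown, not false.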



Acknowledgement

This work is supported in part by National Natural Science Foundation of China (Nos. 61572349, 61872262).

Author information

Correspondence to Xiaohong Li.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Xiao, H., Xing, Z., Li, X., Guo, H. (2019). Embedding and Predicting Software Security Entity Relationships: A Knowledge Graph Based Approach. In: Gedeon, T., Wong, K., Lee, M. (eds) Neural Information Processing. ICONIP 2019. Lecture Notes in Computer Science, vol 11955. Springer, Cham. https://doi.org/10.1007/978-3-030-36718-3_5


  • DOI: https://doi.org/10.1007/978-3-030-36718-3_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-36717-6

  • Online ISBN: 978-3-030-36718-3

  • eBook Packages: Computer Science (R0)
