Generating Network Security Defense Strategy Based on Cyber Threat Intelligence Knowledge Graph

Network systems are composed of thousands of devices connected in complex network topologies. The diversity and complexity of these devices increase the security risks of network systems. Cyber Threat Intelligence (CTI) contains rich information about devices, cyber, and defenses. However, due to the lack of correlation among security knowledge, some advanced reasoning tasks cannot be performed, such as device attack information and defense strategies. We construct the CTI ontology and knowledge graph, and propose a defense strategy inference model consisting of knowledge graph embedding algorithms CTI-KGE and reasoning rules. CTI-KGE is based on knowledge representation learning, and link prediction tasks can infer the tail entities that have any relationship with the head entity automatically, completing the threat information. Rule reasoning is interpretable, which can generate defense strategies automatically. Finally, we evaluate the effectiveness of the model and demonstrate its feasibility using actual network system scenarios.