Constructing a Knowledge Graph from Textual Descriptions of Software Vulnerabilities in the National Vulnerability Database

Anders Høst, Pierre Lison, Leon Moonen

Abstract
Knowledge graphs have shown promise for several cybersecurity tasks, such as vulnerability assessment and threat analysis. In this work, we present a new method for constructing a vulnerability knowledge graph from information in the National Vulnerability Database (NVD). Our approach combines named entity recognition (NER), relation extraction (RE), and entity prediction using a combination of neural models, heuristic rules, and knowledge graph embeddings. We demonstrate how our method helps to fix missing entities in knowledge graphs used for cybersecurity and evaluate the performance.
Anthology ID:
2023.nodalida-1.40
Volume:
Proceedings of the 24th Nordic Conference on Computational Linguistics (NoDaLiDa)
Month:
May
Year:
2023
Address:
Tórshavn, Faroe Islands
Editors:
Tanel Alumäe, Mark Fishel
Venue:
NoDaLiDa
SIG:
Publisher:
University of Tartu Library
Note:
Pages:
386–391
Language:
URL:
https://preview.aclanthology.org/fix-sig-urls/2023.nodalida-1.40/
DOI:
Bibkey:
Cite (ACL):
Anders Høst, Pierre Lison, and Leon Moonen. 2023. Constructing a Knowledge Graph from Textual Descriptions of Software Vulnerabilities in the National Vulnerability Database. In Proceedings of the 24th Nordic Conference on Computational Linguistics (NoDaLiDa), pages 386–391, Tórshavn, Faroe Islands. University of Tartu Library.
Cite (Informal):
Constructing a Knowledge Graph from Textual Descriptions of Software Vulnerabilities in the National Vulnerability Database (Høst et al., NoDaLiDa 2023)
Copy Citation:
PDF:
https://preview.aclanthology.org/fix-sig-urls/2023.nodalida-1.40.pdf
PDF Cite Search Fix data