Knowledge Graphs for Software Security Assessments and Cyber Threat Intelligence.

Abstract

In the dynamic field of cybersecurity, the identification and mitigation of software vulnerabilities are critical for safeguarding digital infrastructures. This thesis explores the integration of Knowledge Graphs with language modeling techniques to enhance security assessments of Cyber Threat Intelligence reports. The research delves into the challenges faced by traditional machine learning approaches in predicting attack techniques from these reports and proposes a methodology that combines the strengths of Pretrained Language Models and Knowledge Embeddings to improve predictive accuracy. The study, utilizing the Threat Report ATT&CK Mapper dataset, expands on the Knowledge Embedding and Pre-trained LanguagE Representation model to encode textual Cyber Threat Intelligence descriptions into Knowledge Graph triples for training the Knowledge Embedding objective, while simultaneously using the same descriptions for training a Masked Language Model objective. The two top-performing models from this study show better Precision, Re-call, and F1 scores than the Threat Report ATT&CK Mapper tool when trained and evaluated on the same dataset. These findings suggest that the proposed approach is a viable method of predicting Attack Techniques from CTI reports. The thesis presents a practical approach to the application of Knowledge Graphs for cybersecurity, offering a framework for the automated analysis of cyber threats.