Abstract
To address the challenge of analyzing large-scale penetration attacks under complex multi-relational and multi-hop paths, this paper proposes a graph convolutional neural network-based attack knowledge inference method, KGConvE, aimed at intelligent reasoning and effective association mining of implicit network attack knowledge. The core idea of this method is to obtain knowledge embeddings related to CVE, CWE, and CAPEC, which are then used to construct attack context feature data and a relation matrix. Subsequently, we employ a graph convolutional neural network model to classify the attacks, and use the KGConvE model to perform attack inference within the same attack category. Through improvements to the graph convolutional neural network model, we significantly enhance the accuracy and generalization capability of the attack classification task. Furthermore, we are the first to apply the KGConvE model to perform attack inference tasks. Experimental results show that this method can infer implicit relationships between CVE-CVE, CVE-CWE, and CVE-CAPEC, achieving a significant performance improvement in network attack knowledge inference tasks, with a mean reciprocal rank (MRR) of 0.68 and Hits@10 of 0.58, outperforming baseline methods.