融合双模态感知的漏洞知识图谱构建与补全方法

张龑; 罗翔宇; 秦紫玥; 张淼; 李志飞

doi:10.12263/DZXB.20250485

您当前的位置：

首页 >

文章列表页 >

融合双模态感知的漏洞知识图谱构建与补全方法

学术论文 | 更新时间：2026-02-05

- 融合双模态感知的漏洞知识图谱构建与补全方法
- Vulnerability Knowledge Graph Construction and Completion with Dual-Modality Perception
- 电子学报 2025年53卷第10期页码：3579-3592
- 作者机构：
  
  1.湖北大学计算机学院，湖北武汉 430062
  2.湖北大学网络空间安全学院，湖北武汉 430062
  3.大数据智能分析与行业应用湖北省重点实验室，湖北武汉 430062
  4.智能感知系统与安全教育部重点实验室，湖北武汉 430062
  5.智能网联汽车网络安全湖北省工程研究中心，湖北武汉 430062
- 作者简介：
  
  [ "张龑男，1974年出生于湖北省宜昌市.现为湖北大学计算机学院教授、博士生导师.主要研究方向为代码安全.E-mail: zhangyan@hubu.edu.cn" ]
  [ "罗翔宇男，2001年出生于湖北省宜昌市.现为湖北大学网络空间安全学院硕士研究生.主要研究方向为知识图谱、网络安全.E-mail: xyluo@stu.hubu.edu.cn" ]
  [ "秦紫玥女，2002年出生于湖北省荆门市.现为湖北大学计算机学院硕士研究生.主要研究方向为知识图谱. E-mail: 202421116012622@stu.hubu.edu.cn" ]
  [ "张淼男，1993年出生于湖北省黄冈市.现为湖北大学计算机学院副教授、硕士生导师.主要研究领域为智能问答、语言模型、教育大数据、知识图谱等.E-mail: zhangmiao@hubu.edu.cn" ]
  [ "李志飞男，1993年出生于湖北省咸宁市.现为湖北大学计算机学院副教授、研究生导师.主要研究方向为知识图谱、推荐系统和智能问答.E-mail: zhifei1993@hubu.edu.cn" ]
- 基金信息：
  
  国家自然科学基金(62207011;62407013);湖北省自然科学基金(2025AFB653);湖北省重大科技专项项目(2024BAA008)
- DOI：10.12263/DZXB.20250485
  中图分类号： TP309;
- 收稿：2025-06-06，
  
  修回：2025-10-09，
  
  纸质出版：2025-10-25
- 稿件说明：
移动端阅览
张龑, 罗翔宇, 秦紫玥, 等. 融合双模态感知的漏洞知识图谱构建与补全方法[J]. 电子学报, 2025, 53(10): 3579-3592.

ZHANG Yan, LUO Xiang-yu, QIN Zi-yue, et al. Vulnerability Knowledge Graph Construction and Completion with Dual-Modality Perception[J]. Acta Electronica Sinica, 2025, 53(10): 3579-3592.
张龑, 罗翔宇, 秦紫玥, 等. 融合双模态感知的漏洞知识图谱构建与补全方法[J]. 电子学报, 2025, 53(10): 3579-3592. DOI：10.12263/DZXB.20250485

ZHANG Yan, LUO Xiang-yu, QIN Zi-yue, et al. Vulnerability Knowledge Graph Construction and Completion with Dual-Modality Perception[J]. Acta Electronica Sinica, 2025, 53(10): 3579-3592. DOI：10.12263/DZXB.20250485

摘要

漏洞知识图谱作为网络安全知识建模的重要工具，在漏洞分析、威胁建模、安全态势感知和攻击链追踪等关键任务中发挥着日益重要的作用.与通用知识图谱覆盖领域广、更新周期长，侧重于通用知识与关系建模不同的是，漏洞知识图谱更新频率高，面临着数据异构、语义歧义和知识稀疏的挑战，往往需要融合非结构化描述信息进行联合建模.然而，现有方法仍局限于三元组建模范式，忽略了网络安全知识库中丰富的安全文本信息，导致漏洞知识图谱补全与攻击链预测精度受限.为此，本文提出构建一种漏洞描述知识图谱（Vulnerability description Knowledge Graph，VKG-T），通过联合结构和语义信息，增强漏洞弱点信息的补全能力.同时，本文设计了一种双模态感知聚合的漏洞描述知识图谱补全模型（Vulnerability description Knowledge Graph Completion， VKGC-ST），该模型结合图注意力网络（Graph ATtention networks，GAT）与预训练语言模型，综合考虑实体的结构邻接特征与文本描述信息，并结合多层次负采样与对比学习机制，提升实体语义判别能力和结构关联建模效果.通过在漏洞描述知识图谱VKG-T以及通用数据集FB15K-237、WN18RR上的链接预测实验证明，VKGC-ST在所有指标上均取得最佳性能，其中在漏洞描述知识图谱数据集上平均提升率为9.42%，最大提升率15.51%，展现了优异的泛化能力与领域适应性.

Abstract

As a critical tool for cybersecurity knowledge modeling

vulnerability knowledge graphs play an increasingly important role in key tasks such as vulnerability analysis

threat modeling

security situational awareness and attack chain tracking. Unlike universal knowledge graphs

which cover a wide range of domains

have a long update cycle

and focus on generic knowledge and relationship modeling

vulnerability knowledge graphs are updated frequently

face the challenges of data heterogeneity

semantic ambiguity

and knowledge sparsity

and often need to incorporate unstructured descriptive information for joint modeling. However

the existing methods are still limited to the ternary formation modeling paradigm

ignoring the rich security text descriptions in the cybersecurity knowledge base

resulting in limited accuracy of vulnerability knowledge graph complementation and attack chain prediction. To address this

this paper proposes the construction of a vulnerability description knowledge graph (VKG-T)

which enhances the ability to complete vulnerability and weakness information by combining structural and semantic data. Additionally

we present a dual-modality perception aggregated model for vulnerability description knowledge graph completion (VKGC-ST). This model integrates graph attention networks (GAT) with pre-trained language models

considering both the structural adjacency features of entities and their textual descriptions

and employs multi-level negative sampling and contrastive learning mechanisms to improve semantic discrimination and structural correlation modeling. Through link prediction experiments on vulnerability knowledge graph VKG-T and general datasets FB15K-237

WN18RR

VKGC-ST achieves the best performance across all metrics

specifically

on the vulnerability description knowledge graph dataset

the average improvement rate is 9.42%

with a maximum improvement rate of 15.51%

showcasing excellent generalization ability and domain adaptability.

关键词

Keywords

references

DING Y , YU J , LIU B , et al . MuKEA: Multimodal knowledge extraction and accumulation for knowledge-based visual question answering [C ] // 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition . Piscataway : IEEE , 2022 : 5079 - 5088 .

SUN R , CAO X Z , ZHAO Y , et al . Multi-modal knowledge graphs for recommender systems [C ] // Proceedings of the 29th ACM International Conference on Information & Knowledge Management . New York : ACM , 2020 : 1405 - 1414 .

BORDES A , USUNIER N , GARCIA-DURÁN A , et al . Translating embeddings for modeling multi-relational data [C ] // Proceedings of the 27th International Conference on Neural Information Processing Systems . New York : ACM , 2013 : 2787 - 2795 .

JIA Y , QI Y L , SHANG H J , et al . A practical approach to constructing a knowledge graph for cybersecurity [J ] . Engineering , 2018 , 4 ( 1 ): 53 - 60 .

WANG Z , ZHANG J W , FENG J L , et al . Knowledge graph embedding by translating on hyperplanes [C ] // Proceedings of the Twenty-Eighth AAAI Conference on Artificial Intelligence . New York : ACM , 2014 : 1112 - 1119 .

SCHLICHTKRULL M , KIPF T N , BLOEM P , et al . Modeling relational data with graph convolutional networks [C ] // Proceedings of the 18th Extended Semantic Web Conference . Cham : Springer , 2018 : 593 - 607 .

VASHISHTH S , SANYAL S , NITIN V , et al . Composition-based multi-relational graph convolutional networks [EB/OL ] . ( 2020-01-18 )[ 2025-06-05 ] . https://arXiv.org/abs/1911.03082 https://arXiv.org/abs/1911.03082 .

LI R , CAO Y N , ZHU Q N , et al . How does knowledge graph embedding extrapolate to unseen data: A semantic evidence view [J ] . Proceedings of the AAAI Conference on Artificial Intelligence , 2022 , 36 ( 5 ): 5781 - 5791 .

LI Z F , ZHANG Q , ZHU F F , et al . Knowledge graph representation learning with simplifying hierarchical feature propagation [J ] . Information Processing & Management , 2023 , 60 ( 4 ): 103348 .

DETTMERS T , MINERVINI P , STENETORP P , et al . Convolutional 2D knowledge graph embeddings [EB/OL ] . ( 2018-07-04 )[ 2025-06-05 ] . https://arxiv.org/abs/1707.01476 https://arxiv.org/abs/1707.01476 .

NGUYEN D Q , NGUYEN T D , NGUYEN D Q , et al . A novel embedding model for knowledge base completion based on convolutional neural network [EB/OL ] . ( 2018-03-13 )[ 2025-06-05 ] . https://arXiv.org/abs/1712.02121 https://arXiv.org/abs/1712.02121 .

VASHISHTH S , SANYAL S , NITIN V , et al . InteractE: Improving convolution-based knowledge graph embeddings by increasing feature interactions [J ] . Proceedings of the AAAI Conference on Artificial Intelligence , 2020 , 34 ( 3 ): 3009 - 3016 .

WANG J X , ZHANG Q , SHI F B , et al . Knowledge graph embedding model with attention-based high-low level features interaction convolutional network [J ] . Information Processing & Management , 2023 , 60 ( 4 ): 103350 .

XIE R B , LIU Z Y , JIA J , et al . Representation learning of knowledge graphs with entity descriptions [C ] // Proceedings of the Thirtieth AAAI Conference on Artificial Intelligence . New York : ACM , 2016 : 2659 - 2665 .

XIE R B , LIU Z Y , LUAN H B , et al . Image-embodied knowledge representation learning [C ] // Proceedings of the Twenty-Sixth International Joint Conference on Artificial Intelligence . International Joint Conferences on Artificial Intelligence Organization , 2017 : 3140 - 3146 .

PEZESHKPOUR P , CHEN L Y , SINGH S . Embedding multimodal relational data for knowledge base completion [C ] // Proceedings of the 2018 Conference on Empirical Methods in Natural Language Processing . Stroudsburg : ACL , 2018 : 3208 - 3218 .

ZHANG Y C , ZHANG W . Knowledge graph completion with pre-trained multimodal transformer and twins negative sampling [EB/OL ] . ( 2022-09-15 )[ 2025-06-05 ] . https://arXiv.org/abs/2209.07084 https://arXiv.org/abs/2209.07084 .

LEE J , CHUNG C , LEE H , et al . VISTA: Visual-textual knowledge graph representation learning [C ] // Findings of the Association for Computational Linguistics: EMNLP 2023 . Stroudsburg : ACL , 2023 : 7314 - 7328 .

ZHU Y Q , WANG X H , CHEN J , et al . LLMs for knowledge graph construction and reasoning: Recent capabilities and future opportunities [J ] . World Wide Web , 2024 , 27 ( 5 ): 58 .

ZHANG Y C , CHEN Z , GUO L B , et al . Making large language models perform better in knowledge graph completion [C ] // Proceedings of the 32nd ACM International Conference on Multimedia . New York : ACM , 2024 : 233 - 242 .

WANG W L , ZHOU H C , LI K , et al . Cyber-attack behavior knowledge graph based on CAPEC and CWE towards 6G [C ] // Proceedings of the 5th Mobile Internet Security . Singapore : Springer , 2022 : 352 - 364 .

LI Z Y , ZENG J , CHEN Y , et al . AttacKG: Constructing technique knowledge graph from cyber threat intelligence reports [C ] // Computer Security - ESORICS 2022 . Cham : Springer , 2022 : 589 - 609 .

周莎 , 申国伟 , 郭春 . 基于安全知识图谱与逆向特征的弱点信息补全 [J ] . 计算机工程 , 2024 , 50 ( 1 ): 145 - 155 .

ZHOU S , SHEN G W , GUO C . Vulnerability information completion based on security knowledge graph and reverse features [J ] . Computer Engineering , 2024 , 50 ( 1 ): 145 - 155 . (in Chinese)

HU Y L , ZOU F T , HAN J J , et al . LLM-TIKG: Threat intelligence knowledge graph construction utilizing large language model [J ] . Computers & Security , 2024 , 145 : 103999 .

YIN J , HONG W , WANG H , et al . A compact vulnerability knowledge graph for risk assessment [J ] . ACM Transactions on Knowledge Discovery from Data , 2024 , 18 ( 8 ): 1 - 17 .

WANG Y , HOU X W , MA X , et al . A software security entity relationships prediction framework based on knowledge graph embedding using sentence-bert [C ] // Proceedings of the 17th Wireless Algorithms, Systems, and Applications . Cham : Springer , 2022 : 501 - 513 .

ZHANG Y , CHEN J R , CHENG Z , et al . Edge propagation for link prediction in requirement-cyber threat intelligence knowledge graph [J ] . Information Sciences , 2024 , 653 : 119770 .

程子栋 , 李鹏 , 朱枫 . 物联网威胁情报知识图谱中潜在关系的挖掘 [J ] . 计算机应用 , 2025 , 45 ( 1 ): 24 - 31 .

CHENG Z D , LI P , ZHU F . Potential relation mining in Internet of Things threat intelligence knowledge graph [J ] . Journal of Computer Applications , 2025 , 45 ( 1 ): 24 - 31 . (in Chinese)

TOUTANOVA K , CHEN D Q . Observed versus latent features for knowledge base and text inference [C ] // Proceedings of the 3rd Workshop on Continuous Vector Space Models and Their Compositionality . Stroudsburg : ACL , 2015 : 57 - 66 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于Diffusion-Mamba和尺度不变损失的渐进式图像生成方法

基于邻域与超图协作的会话推荐

先验信息驱动的跨模态通用特征空间构建与分析

基于渐进式混合对比学习的无监督领域自适应行人再识别

镓铝砷双异质结红光二极管中红外辐射起因的研究