{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T14:30:21Z","timestamp":1775745021579,"version":"3.50.1"},"reference-count":30,"publisher":"EDP Sciences","license":[{"start":{"date-parts":[[2025,2,25]],"date-time":"2025-02-25T00:00:00Z","timestamp":1740441600000},"content-version":"vor","delay-in-days":55,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100018919","name":"Peng Cheng Laboratory","doi-asserted-by":"publisher","award":["Major Key Project of PCL (Grant No. PCL2024A05)"],"award-info":[{"award-number":["Major Key Project of PCL (Grant No. PCL2024A05)"]}],"id":[{"id":"10.13039\/100018919","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Safety"],"accepted":{"date-parts":[[2024,10,29]]},"published-print":{"date-parts":[[2025]]},"abstract":"<jats:p>The rapid advancement of information technologies has significantly intensified the focus on cyberspace security across various sectors. In this evolving landscape, attackers deploy many techniques- including exploits, weakness identification, and complex multi-step attacks- to gain unauthorized access to systems. Conversely, defenders harness insights from a variety of sources to pinpoint potential threats. Prominent public cybersecurity databases such as the Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK), Common Attack Pattern Enumeration and Classification (CAPEC), Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Platform Enumeration (CPE) provide extensive data on security entities and their interrelations, playing a pivotal role in enriching the understanding of cybersecurity challenges and assisting in comprehensive defensive analyses. However, the semantic cross-analysis of these databases, crucial for identifying obscure threat patterns, remains underexploited. In this study, we amalgamate data from these disparate sources into a cohesive threat knowledge graph and introduce a novel knowledge representation learning approach, A4CKGE (ATT&amp;CK-CAPEC-CWE-CVE-CPE Knowledge Graph Embedding). This method utilizes advanced structural and textual analytics to predict interactions among security entities such as products, vulnerabilities, weaknesses, and multi-step attack sequences, employing complex attack templates generated through a Large Language Model (LLM). Our extensive experiments demonstrate that this approach significantly outperforms existing state-of-the-art methods in effectively predicting these relationships. The findings validate the efficacy of our threat knowledge graph in unveiling hidden connections, thereby highlighting its potential to strengthen cybersecurity defenses substantially.<\/jats:p>","DOI":"10.1051\/sands\/2024019","type":"journal-article","created":{"date-parts":[[2024,10,30]],"date-time":"2024-10-30T19:47:01Z","timestamp":1730317621000},"page":"2024019","source":"Crossref","is-referenced-by-count":2,"title":["Uncovering multi-step attacks with threat knowledge graph reasoning"],"prefix":"10.1051","volume":"4","author":[{"given":"Xiayu","family":"Xiang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Changchang","family":"Ma","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-1627-5811","authenticated-orcid":false,"given":"Liyi","family":"Zeng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wenying","family":"Feng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yushun","family":"Xie","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhaoquan","family":"Gu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"250","published-online":{"date-parts":[[2025,2,25]]},"reference":[{"key":"R1","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1016\/j.eng.2018.01.004","volume":"4","author":"Jia","year":"2018","journal-title":"Engineering"},{"key":"R2","doi-asserted-by":"crossref","first-page":"110781","DOI":"10.1016\/j.knosys.2023.110781","volume":"276","author":"Jia","year":"2023","journal-title":"Knowledge-Based Syst"},{"key":"R3","doi-asserted-by":"crossref","first-page":"1851","DOI":"10.1109\/COMST.2019.2891891","volume":"21","author":"Alshamrani","year":"2019","journal-title":"IEEE Commun Surv Tutorials"},{"key":"R4","doi-asserted-by":"crossref","first-page":"214","DOI":"10.1016\/j.cose.2018.03.001","volume":"76","author":"Navarro","year":"2018","journal-title":"Comput Secur"},{"key":"R5","unstructured":"ATT&CK: Adversarial Tactics, Techniques, and Common Knowledge, https:\/\/attack.mitre.org\/"},{"key":"R6","unstructured":"CAPEC: Common Attack Pattern Enumeration and Classification, https:\/\/capec.mitre.org"},{"key":"R7","unstructured":"CVE: Common vulnerabilities and exposures, https:\/\/nvd.nist.gov\/vuln"},{"key":"R8","unstructured":"CWE: Common Weakness Enumeration, https:\/\/cwe.mitre.org\/"},{"key":"R9","unstructured":"CPE: Common Platform Enumeration, https:\/\/nvd.nist.gov\/products\/cpe"},{"key":"R10","first-page":"4131","volume":"26","author":"Angxiao","year":"2023","journal-title":"WWWJ"},{"key":"R11","doi-asserted-by":"crossref","unstructured":"Han Z, Li X and Liu H et al. DeepWeak: Reasoning common software weaknesses via knowledge graph embedding. In: 2018 IEEE 25th International Conference on Software Analysis, Evolution and Reengineering (SANER). Campobasso, IEEE, 2018, 456\u201366.","DOI":"10.1109\/SANER.2018.8330232"},{"key":"R12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3498537","volume":"31","author":"Guo","year":"2022","journal-title":"ACM Trans Softw Eng Methodol"},{"key":"R13","doi-asserted-by":"crossref","unstructured":"Yuan L, Bai Y and Xing Z et al. Predicting entity relations across different security databases by using graph attention network. In: 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC), Madrid, Spain, IEEE, 2021, 834\u201343.","DOI":"10.1109\/COMPSAC51774.2021.00116"},{"key":"R14","first-page":"5695","volume":"35","author":"Ren","year":"2022","journal-title":"IEEE Trans Knowl Data Eng"},{"key":"R15","doi-asserted-by":"crossref","first-page":"2724","DOI":"10.1109\/TKDE.2017.2754499","volume":"29","author":"Wang","year":"2017","journal-title":"IEEE Trans Knowl Data Eng"},{"key":"R16","doi-asserted-by":"crossref","unstructured":"Xiao H, Xing Z and Li X et al. Embedding and predicting software security entity relationships: a knowledge graph based approach. In: Neural Information Processing: 26th International Conference (ICONIP 2019), Australia, Springer, 2019, pp.50\u201363.","DOI":"10.1007\/978-3-030-36718-3_5"},{"key":"R17","doi-asserted-by":"crossref","unstructured":"Papadakis G, Ioannou E and Thanos E et al. Entity Resolution: Past, Present, and Yet-to-Come. The Four Generations of Entity Resolution. Cham: Springer International Publishing, 2021, pp. 1\u20133.","DOI":"10.1007\/978-3-031-01878-7_1"},{"key":"R18","doi-asserted-by":"crossref","first-page":"494","DOI":"10.1109\/TNNLS.2021.3070843","volume":"33","author":"Ji","year":"2022","journal-title":"IEEE Trans Neural Netw Learning Syst"},{"key":"R19","doi-asserted-by":"crossref","unstructured":"Long Y, Xiang X and Jing X et al. MDATA Model Based Cyber Security Knowledge Representation and Application. In: 2023 8th International Conference on Data Science in Cyberspace (DSC), China, IEEE, 2023, pp. 483\u2013490.","DOI":"10.1109\/DSC59305.2023.00076"},{"key":"R20","doi-asserted-by":"crossref","first-page":"194","DOI":"10.1080\/19393555.2015.1111961","volume":"24","author":"Zhang","year":"2015","journal-title":"Inf Secur J Glob Perspect"},{"key":"R21","doi-asserted-by":"crossref","unstructured":"Li X, Chen J, Lin Z and Zhang L et al. A mining approach to obtain the software vulnerability characteristics. In: 2017 fifth international conference on advanced cloud and big data (CBD), China, IEEE, 2017, 296\u2013301.","DOI":"10.1109\/CBD.2017.58"},{"key":"R22","unstructured":"Bordes A, Usunier N and Garcia-Duran A et al. Translating embeddings for modeling multi-relational data. Adv. Neural Inf Proc Syst 2015, 26."},{"key":"R23","doi-asserted-by":"crossref","unstructured":"Wang Z, Zhang J and Feng J et al. Knowledge graph embedding by translating on hyperplanes. The AAAI conference on artificial intelligence (AAAI), Canada, AAAI Press, 2014, pp. 1112\u20131119.","DOI":"10.1609\/aaai.v28i1.8870"},{"key":"R24","unstructured":"Yang B, Yi T and He X et al. Embedding entities and relations for learning and inference in knowledge bases. ArXiv preprint [arXiv: 1412.6575], 2014"},{"key":"R25","unstructured":"Trouillon T, Welbl J and Riedel S et al. Complex Embeddings for Simple Link Prediction. International conference on machine learning. USA: PMLR, 2016, pp. 2071\u20132080."},{"key":"R26","unstructured":"Sun Z, Deng Z and Nie H et al. Rotate: Knowledge graph embedding by relational rotation in complex space. ArXiv preprint [arXiv: 1902.10197], 2019."},{"key":"R27","doi-asserted-by":"crossref","unstructured":"Xiao H, Xing Z and Li X et al. Embedding and predicting software security entity relationships: A knowledge graph based approach. In: 6th International Conference (ICONIP), Australia, Springer, 2019, pp. 50\u201363.","DOI":"10.1007\/978-3-030-36718-3_5"},{"key":"R28","unstructured":"Lin Y, Liu Z and Luan H et al. Modeling relation paths for representation learning of knowledge bases. ArXiv preprint [arXiv: 1506.00379], 2019."},{"key":"R29","unstructured":"ATT&CK Groups: Groups, https:\/\/attack.mitre.org\/groups\/"},{"key":"R30","doi-asserted-by":"crossref","unstructured":"Ma C, Xiang X and Xie Y, et al. Uncovering Security Entity Relations with Cyber Threat Knowledge Graph Embedding. In: International Conference on Network Simulation and Evaluation (NSE), Singapore: Springer, 2023, pp. 20\u201335.","DOI":"10.1007\/978-981-97-4522-7_2"}],"container-title":["Security and Safety"],"original-title":[],"link":[{"URL":"https:\/\/sands.edpsciences.org\/10.1051\/sands\/2024019\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,4]],"date-time":"2025-03-04T08:50:49Z","timestamp":1741078249000},"score":1,"resource":{"primary":{"URL":"https:\/\/sands.edpsciences.org\/10.1051\/sands\/2024019"}},"subtitle":[],"editor":[{"given":"Zhaoqun","family":"Gu","sequence":"first","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]},{"given":"Guandong","family":"Xu","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]},{"given":"Ning","family":"Hu","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]}],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":30,"alternative-id":["sands20240007"],"URL":"https:\/\/doi.org\/10.1051\/sands\/2024019","relation":{},"ISSN":["2826-1275"],"issn-type":[{"value":"2826-1275","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}