Cyber-Attack Behavior Knowledge Graph Based on CAPEC and CWE Towards 6G

Abstract

6G-oriented network intelligence needs the support of knowledge from inside and outside the network. CAPEC and CWE are network security databases targeting attack patterns and weaknesses respectively, which are relatively complete knowledge from outside the network. Constructing the important entities and relationships in CAPEC and CWE as knowledge graphs is conducive to comprehensively grasping the strategies and behaviors of certain attacks, thus providing a supplement for network internal knowledge and guidance for attack prediction and network situational awareness. Therefore, this paper analyzes the content and organizational structure of CAPEC and CWE, and proposes a method to construct cyber-attack knowledge graph based on CAPEC and CWE, which is implemented in the graph database Neo4j. This paper also introduces the application of the knowledge graph in DDoS flood attack and multi-stage attack.