A Method for Discovering Hidden Patterns of Cybersecurity Knowledge Based on Hierarchical Clustering

The construction of cybersecurity knowledge graphs improves the full-dimensional cognitive ability of cyber threats. However, most of the current research on the cybersecurity knowledge graphs focuses on the one-hop or multi-hop correlation queries of knowledge, while ignoring the hidden patterns in the knowledge graphs. Based on the knowledge graph stated in this paper[1], we propose a method for discovering hidden patterns of cybersecurity knowledge based on hierarchical clustering, using the hacker group features of security technologies in the knowledge graph, calculating the distance between the security technology knowledge in the knowledge graph based on the Phicoefficient, and mining cybersecurity technologies that are often used by hacker groups by employing the ward linkage method of hierarchical clustering. The experimental results show that three similar cybersecurity technologies, namely Peripheral Device Discovery, Data from Removable Media and Junk Data, all of which are aimed at stealing or attacking the externally-connected devices of computers, are used by most hacker groups.