Recommendations for Responding to System Security Incidents Using Knowledge Graph Embedding

Recently, security attacks occurring in edge computing environments have emerged as an important research topic in the field of cybersecurity. Edge computing is a distributed computing technology that expands the existing cloud computing architecture to introduce a new layer, the edge layer, between the cloud layer and the user terminal layer. Edge computing has the advantage of greatly improving the data processing speed and efficiency but, at the same time, is complex, and various new attacks occur frequently. Therefore, for improving the security of edge computing, effective and intelligent security strategies and policies must be established in consideration of a wide range of vulnerabilities. Intelligent security systems, which have recently been studied, provide a way to detect and respond to security threats by integrating the latest technologies, such as machine learning and big data analysis. Intelligent security technology can quickly recognize attack patterns or abnormal behaviors within a large amount of data and continuously respond to new threats through learning. In particular, knowledge-based technologies using ontology or knowledge graph technology play an important role in more deeply understanding the meaning and relationships between of security data and more effectively detecting and responding to complex threats. This study proposed a method for recommending strategies to respond to edge computing security incidents based on the automatic generation and embedding of security knowledge graphs. An EdgeSecurity-BERT model, utilizing the latest security vulnerability data from edge computing, was designed to extract entities and their relational information. Also, a security vulnerability assessment method was proposed to recommend strategies to respond to edge computing security incidents through knowledge graph embedding. In the experiment, the classification accuracy of security news data for common vulnerability and exposure data was approximately 86% on average. In addition, the EdgeSecurityKG applying the security vulnerability similarity improved the Hits@10 performance to identify the correct link, but the MR performance was degraded owing to the increased complexity. In complex areas, such as security, careful evaluation of the model's performance and data selection are important. The EdgeSecurityKG applying the security vulnerability similarity provides an important advantage in understanding complex security vulnerability relationships.