Knowledge Graph for Vulnerability Management

Document Type

Thesis

Degree Name

Master of Science (MS)

Department

Computer Science and Info Sys

Date of Award

Fall 2025

Abstract

As software usage increases, so are cybersecurity threats, organizations are strug-gling to manage and prioritize vulnerabilities, as the number of new vulnerabilities de- tected per year is increasing rapidly. Traditional vulnerability management lacks inte- gration of the most interlinked security databases Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Attack Pattern Enumera- tion and Classification (CAPEC). In this research, this study introduces a graph-model(semantic model) representa- tion of vulnerability knowledge which not only integrates the security databases provided by the MITRE, but also adds new inference knowledge using inference rules from knowl- edge graphs, which enables the organizations, security analysts to query the vulnerability data cumulatively, gaining complete insights of the vulnerability impact and prioritize it accordingly. Various research has been done to build an ontology, but no specific knowl- edge graph is currently available up to date to query and gain insights integrating the se- curity databases. This research explores the construction of knowledge graph using linked data frag- ments, which enable high availability of the server for querying at low costs. Experimental evaluation showed that the knowledge graph approach achieved a 68% decrease in average query execution time compared to traditional relational database queries, while also sup- v porting automated inference that uncovered over 15% more semantic relationships. Utiliz- ing the Linked Data Fragments (LDF) server further boosted scalability and kept resource usage low. Keywords: Vulnerability, CVE, CWE, Knowledge Graph .

Advisor

Yuehua Wang

Subject Categories

Computer Sciences | Physical Sciences and Mathematics

Link to Full Text

Share

COinS