STIX-based Network Security Knowledge Graph Ontology Modeling Method.

Network security incidents are complex and unstructured, making them difficult to understand and share. In this paper, we analyzes the commonality between structured threat information representation (STIX) and network security domain knowledge, and proposes a knowledge graph ontology modeling method of network security based on STIX. With the architecture knowledge of STIX, this method generates an ontology schema of network security knowledge graph, through classifying the concepts in the field of network security, describing the attributes of concepts and combing the relationships between concepts. The ontology schema has small redundancy and strong structural hierarchy, and can clearly display the structure of the attack activity and the mutual relationship. Therefore, it can help decision makers to understand security incidents more deeply, and help them make reasonable decisions and share cyber threat intelligence.