Knowledge Graph-based Modeling of Dynamic Vulnerability Data and Organizational Knowledge for Cybersecurity Enhancement

Christophe Bobineau
Calendar
When:
31/01/2024 – 01/02/2024 all-day
2024-01-31T01:00:00+01:00
2024-02-01T01:00:00+01:00
Stages

Offre en lien avec l’Action/le Réseau : – — –/– — –

Laboratoire/Entreprise : ERIC
Durée : 6 mois
Contact : mohamed-lamine.messai@univ-lyon2.fr
Date limite de publication : 2024-01-31

Contexte :
Knowledge Graphs & Cybersecurity

Sujet :
In the era of increasing cyber threats, it is crucial for organizations to have a comprehensive understanding of their vulnerabilities and the interconnectedness of their digital assets. This research internship aims to explore the potential of knowledge graphs [1] in the field of cybersecurity by developing a dynamic vulnerability data model (e.g., CVE) integrated with an organizational knowledge graph representing network architecture, host operating systems, software versions (e.g., web server version, libraries, database server version), and more. The ultimate goal is to empower organizations to gain insights into threat dependencies and enhance their cybersecurity measures [2]. Additionally, we aim to investigate the construction of digital twins using knowledge graphs to provide a visual and conceptual representation of an organization’s cyber environment [3].
Objectives of this internship :
• Knowledge Graph Modeling: Design and develop a knowledge graph schema that incorporates dynamic vulnerability data (e.g., CVEs) and organizational information (network architecture, software versions, etc.).
• Data Integration: Establish mechanisms to extract, transform, and load vulnerability data and organizational information into the knowledge graph.
Page 2 sur 2
• Dependency Analysis: Analyze the knowledge graph to identify and visualize the dependencies and relationships between vulnerabilities and organizational assets, enabling a better understanding of threat landscapes.
• Digital Twin Construction: Investigate the utilization of knowledge graphs to construct digital twins that mimic the behavior and interactions within an organization’s cyber ecosystem, providing a simulated environment for testing security strategies and evaluating risk scenarios.
• Machine Learning: propose knowledge graph embedding to detect vulnerabilities and attacks [4, 5, 6].
• Implementation and tests

Profil du candidat :
Master 2 student (or equivalent).

Formation et compétences requises :
The candidate must have advanced skills (M2 level) in computer science (data science, machine learning and notions of graph theory and computer security are highly desirable).

Adresse d’emploi :
ERIC Laboratory, Porte des Alpes Campus, Bron.

Document attaché : 202309071410_Internship-FIL-ROMANCE-1.pdf