Vulnerability intelligence typically comprises exploit descriptions and attack payloads. The primary challenge lies in correlating this intelligence and addressing the scarcity of attack payloads, which impedes robust traffic-based detection. To address these issues, this paper introduces KVT-Payload, a graph-enhanced hierarchical constraint framework that systematically generates attack payloads from existing vulnerability intelligence. KVT-Payload consists of three primary modules, including Knowledge graph-based Vulnerability Representation (KVR), Adversarial Conditioned Graph Attention Network (ACGAN) and Hierarchical constrained Payload Generation (HPGen). Specifically, the KVR module utilizes a knowledge graph to construct directed graphs from vulnerability descriptions and associated payloads. The ACGAN module then vectorizes these directed graphs using Graph Attention Networks (GAT) and employs a Conditional Generative Adversarial Network (CGAN) to produce adversarially enhanced node representations. The HPGen module employs a triple-constraint architecture, comprising a vulnerability category generator, payload length controller, and payload content generator, to progressively generate attack payloads. These payloads augment security detector datasets, enhancing their performance and resilience against evolving threats, thereby tackling critical data limitations. Extensive experiments demonstrate that KVT-Payload achieves state-of-the-art performance in generating vulnerability payloads by integrating an enhanced knowledge graph with hierarchical constraints. Furthermore, our ablation studies confirm the individual effectiveness of each component, particularly in environments with payload constraints.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

KVT-Payload: Knowledge Graph-Enhanced Hierarchical Vulnerability Traffic Payload Generation

  • Faqi Zhao,
  • Rong Shi,
  • Guoqiao Zhou,
  • Wen Wang,
  • Feng Liu

摘要

Vulnerability intelligence typically comprises exploit descriptions and attack payloads. The primary challenge lies in correlating this intelligence and addressing the scarcity of attack payloads, which impedes robust traffic-based detection. To address these issues, this paper introduces KVT-Payload, a graph-enhanced hierarchical constraint framework that systematically generates attack payloads from existing vulnerability intelligence. KVT-Payload consists of three primary modules, including Knowledge graph-based Vulnerability Representation (KVR), Adversarial Conditioned Graph Attention Network (ACGAN) and Hierarchical constrained Payload Generation (HPGen). Specifically, the KVR module utilizes a knowledge graph to construct directed graphs from vulnerability descriptions and associated payloads. The ACGAN module then vectorizes these directed graphs using Graph Attention Networks (GAT) and employs a Conditional Generative Adversarial Network (CGAN) to produce adversarially enhanced node representations. The HPGen module employs a triple-constraint architecture, comprising a vulnerability category generator, payload length controller, and payload content generator, to progressively generate attack payloads. These payloads augment security detector datasets, enhancing their performance and resilience against evolving threats, thereby tackling critical data limitations. Extensive experiments demonstrate that KVT-Payload achieves state-of-the-art performance in generating vulnerability payloads by integrating an enhanced knowledge graph with hierarchical constraints. Furthermore, our ablation studies confirm the individual effectiveness of each component, particularly in environments with payload constraints.