Constructing a Knowledge Graph from Textual Descriptions of Software Vulnerabilities in the National Vulnerability DatabaseDownload PDF

Anders Mølmen Høst, Pierre Lison, Leon Moonen

Published: 20 Mar 2023, Last Modified: 13 Apr 2025NoDaLiDa 2023Readers: Everyone
Keywords: Cybersecurity, Distant Supervision, Information Extraction, Knowledge Graphs
Abstract: Knowledge graphs have shown promise for several cybersecurity tasks, such as vulnerability assessment and threat analysis. In this work, we present a new method for constructing a vulnerability knowledge graph from information in the National Vulnerability Database (NVD). Our approach combines named entity recognition (NER), relation extraction (RE), and entity prediction using a combination of neural models, heuristic rules, and knowledge graph embeddings. We demonstrate how our method helps to fix missing entities in knowledge graphs used for cybersecurity and evaluate the performance.
Student Paper: Yes, the first author is a student
Community Implementations: [![CatalyzeX](/images/catalyzex_icon.svg) 3 code implementations](https://www.catalyzex.com/paper/constructing-a-knowledge-graph-from-textual/code)
3 Replies

OpenReview is a long-term project to advance science through improved peer review with legal nonprofit status. We gratefully acknowledge the support of the OpenReview Sponsors. © 2025 OpenReview