Detailed Design of the Vulnerability Knowledge Graph Database
郝伟 2021/02/17

Common PlantUML Symbols

abstract, abstract class, annotation, circle, circle_short_form, class, entity, enum, interface

Overall System Architecture

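[Diagram: overall entity-relationship model]
Entities: User, Account, Host, Software, Vulnerability, Platform, IPAddress, Port, DNSName, AddressRange, Service, Malware, Flow
Relationship labels (with multiplicities where shown): hasAccount (1:n), loginsInTo (1:1), runs (1:n), exposes (1:n), hasIP (1:n), runsOn, hasIP (1:1), hasPort (1:1), hasDNSName (1:1), hasAddress(src, dst) (1:2), inRange, hasKnownService (1:1), hasVulnerability (1:n), hasFlow (1:n), runsOn (1:n), exploits, communicatesWith, runsOn (1:n)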

Node Definitions

GObject
    string id                 // node ID (unique)
    string description        // node description
    string obj_name           // object name, same as the class name
    string data_source        // data source
    enum type ['v', 'e']
    double score              // node score
    double score_max          // upper bound of the node score
    double score_min          // lower bound of the node score
    double score_description  // description of the node information

Note: all data is one of only two types: node or edge.

Vertex
    type='v'

User
    string name
    string user_type
    string mailbox
    string userinfo           // to be added

Account
    string uid
    string pwd
    string source

Host
    string name
    string running_status
    PlatformType sys_type

Software
    string nvdId
    string status
    string vendor
    string version
    string language: [cn, en, de, jp]

Platform
    string name               // Ubuntu, Debian, Windows 10, MacOS, etc.
    string Platform_type: [Win, Linux, Unix, IOT, Others]
    string version
    string infomation

Vulnerability
    string cveid
    string comments
    string solution
    date publish_date
    double cvss_score
    double impact

IP
    string ip
    int ipInt
    string countryCode

country
    string name
    string code

Address

Port

DNSName
    string name
    string dnstype

AddressRange
    string startIP
    int start_int_IP
    string endIP
    int end_int_IP

Service
    string name
    string stype
    string version
    string[] notes

Malware
    string nvdId
    string avName
    string[] aliases
    string sha1hashes
    string md5hashes
    string platform_type: [win, linux, iot]
    string platform_version
    string Malware_type: [exp, poc, payload]
    string signature_date
    string modified_date

Flow
    string protocal           // protocol used by the flow
    string protocal_layer     // layer the flow belongs to

Edge

Attack

Attacker

hasVal

Edge Definitions

GObject
    string id                 // node ID (unique)
    string description        // node description
    string obj_name           // object name, same as the class name
    string data_source        // data source
    enum type ['v', 'e']
    double score              // node score
    double score_max          // upper bound of the node score
    double score_min          // lower bound of the node score
    double score_description  // description of the node information

Edge
    static int counter        // global counter
    Vertex inV                // in-vertex
    Vertex outV               // out-vertex
    type='e'

Edge types: hasAccount, logsInTo, logsInFrom, runs, runsAs, hasVulnerability, usesAddress, hasDNSName, hasIP, hasPort, inAddressRange, hasKnownService, dstAddress, srcAddress, hasFlow, involvesMalware, exploits, communicatesWith, runsOn, includesFlow
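
The node and edge definitions above, exercised on a small graph. This is an added example, not code from the original design: it answers "which vulnerabilities affect each host" by walking Host -runs-> Software -hasVulnerability-> Vulnerability. The Graph class, host_exposure, the props dictionary standing in for per-class fields, and the edge directions are assumptions; the sample data is constructed and the CVE ids are placeholders.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass
class GObject:
    id: str                     # unique id
    obj_name: str               # same as the class name (Host, runs, ...)
    type: str                   # 'v' = vertex, 'e' = edge
    props: dict = field(default_factory=dict)  # assumed holder for class fields

class Graph:                    # hypothetical in-memory store for the schema
    def __init__(self):
        self.vertices, self.edges = {}, []
        self._counter = count(1)            # stands in for Edge.counter
    def add_vertex(self, vid, obj_name, **props):
        self.vertices[vid] = GObject(vid, obj_name, "v", props)
    def add_edge(self, label, out_v, in_v):
        # Refuse dangling edges so traversals never hit a missing vertex.
        if out_v not in self.vertices or in_v not in self.vertices:
            raise KeyError(f"dangling edge {label}: {out_v} -> {in_v}")
        self.edges.append(GObject(f"e{next(self._counter)}", label, "e",
                                  {"outV": out_v, "inV": in_v}))
    def out(self, vid, label):  # vertices reached from vid over `label` edges
        return [e.props["inV"] for e in self.edges
                if e.obj_name == label and e.props["outV"] == vid]

def host_exposure(g):
    """Host name -> [(cveid, cvss_score)], highest score first."""
    report = {}
    for vid, v in g.vertices.items():
        if v.obj_name == "Host":
            vulns = {x for sw in g.out(vid, "runs") for x in g.out(sw, "hasVulnerability")}
            props = [g.vertices[x].props for x in vulns]
            report[v.props["name"]] = sorted(
                ((p["cveid"], p["cvss_score"]) for p in props), key=lambda r: (-r[1], r[0]))
    return report

def build_sample():
    """Constructed sample data; the CVE ids are placeholders."""
    g = Graph()
    g.add_vertex("h1", "Host", name="web-01", running_status="up")
    g.add_vertex("h2", "Host", name="db-01", running_status="up")
    g.add_vertex("s1", "Software", vendor="example", version="1.0")
    g.add_vertex("v1", "Vulnerability", cveid="CVE-0000-0001", cvss_score=5.3)
    g.add_vertex("v2", "Vulnerability", cveid="CVE-0000-0002", cvss_score=9.8)
    g.add_edge("runs", "h1", "s1")
    for v in ("v1", "v2"):
        g.add_edge("hasVulnerability", "s1", v)
    return g
```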
