Industrial control systems (ICS) involve many key industries, which once attacked will cause heavy losses. However, traditional passive defense methods of cybersecurity have difficulty effectively dealing with increasingly complex threats; a knowledge graph is a new idea to analyze and process data in cybersecurity analysis. We propose a novel overall framework of data-driven industrial control network security defense, which integrated fragmented multisource threat data with an industrial network layout by a cybersecurity knowledge graph. In order to better correlate data to construct a knowledge graph, we propose a distant supervised relation extraction model ResPCNN-ATT; it is based on a deep residual convolutional neural network and attention mechanism, reduces the influence of noisy data in distant supervision, and better extracts deep semantic features in sentences by using deep residuals. We empirically demonstrate the performance of the proposed method in the field of general cybersecurity by using dataset CSER; the model proposed in this paper achieves higher accuracy than other models. And then, the dataset ICSER was used to construct a cybersecurity knowledge graph (CSKG) on the basis of analyzing specific industrial control scenarios, visualizing the knowledge graph for further security analysis to the industrial control system.

中文翻译：

---

数据驱动的网络安全知识图构建，用于工业控制系统安全

工业控制系统（ICS）涉及许多关键行业，一旦受到攻击，将造成重大损失。但是，传统的网络安全被动防御方法难以有效应对日益复杂的威胁。知识图是在网络安全分析中分析和处理数据的新思路。我们提出了一种新型的数据驱动型工业控制网络安全防御的总体框架，该框架通过网络安全知识图将分散的多源威胁数据与工业网络布局集成在一起。为了更好地关联数据以构造知识图，我们提出了一种远程监督关系提取模型ResPCNN-ATT。它基于深度残差卷积神经网络和注意力机制，减少了嘈杂数据对远程监管的影响，并通过使用深度残差更好地提取句子中的深度语义特征。我们通过使用数据集CSER，在通用网络安全领域中通过经验证明了该方法的性能。本文提出的模型比其他模型具有更高的精度。然后，在分析特定的工业控制场景的基础上，使用ICSER数据集构建网络安全知识图（CSKG），可视化知识图，以便对工业控制系统进行进一步的安全分析。