YD/T 4589-2023
Cyberspace Security Simulation Functional Requirements of Cybersecurity Knowledge Acquisition System (English Version)

Standard No.: YD/T 4589-2023
Language: Chinese, Available in English version
Release Date: 2023
Published By: Professional Standard - Post and Telecommunication CN / YD
Latest: YD/T 4589-2023

Introduction

Analysis of the standard technical architecture

According to the definition in Chapter 4 of the standard, the cybersecurity knowledge acquisition system adopts a five-layer processing architecture: data input layer → knowledge extraction layer → entity linking layer → knowledge deduction layer → verification and update layer. The system needs to support multi-source input of structured data (such as vulnerability libraries), semi-structured data (forum posts) and unstructured data (technical reports), and realize the dynamic evolution of the knowledge system through the knowledge graph construction engine.


Comparative Analysis of Core Functions

| Functional Modules | Key Technologies | Confidence Requirements | Typical Application Scenarios |
|---|---|---|---|
| Knowledge Extraction | Named Entity Recognition, Dependency Syntax Analysis | Original Evidence Needs to be Provided | CVE Vulnerability Description Parsing |
| Entity Linking | Candidate Set Generation, Disambiguation Algorithm | Similarity Threshold ≥ 0.7 | Attack Tool Alias Normalization |
| Knowledge Deduction | Rule reasoning, credibility scoring | Score ≥ 0.8 can be stored | APT attack chain prediction |

Detailed explanation of interface specification

Knowledge extraction interface example

Appendix A.1 of the standard stipulates that the request parameters must include docType (data type identifier) and textData (cleaned text). The response uses a triple structure, in which the score field carries the confidence and must be accurate to two decimal places, for example:

{ "subjectName": "Heartbleed", "predicateName": "Affected component", "objectName": "OpenSSL", "score": 0.92 }
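The following added example (not part of the standard or of the original page) validates a response triple of the shape shown above and applies the 0.8 storage threshold from the comparison table, parsing the score as a decimal so the threshold check is not affected by float rounding. The 0 to 1 score range, treating two decimal places as a maximum, applying the storage gate to this triple shape, the "hold" label and the ToolA/ToolB samples are assumptions.

```python
import json
from decimal import Decimal

TRIPLE_FIELDS = ("subjectName", "predicateName", "objectName")
STORE_THRESHOLD = Decimal("0.8")  # "Score >= 0.8 can be stored" (comparison table)


def parse_triple(raw):
    """Parse one response triple from JSON text; raise ValueError on any violation."""
    # Decimal keeps the score exactly as written, so the decimal-place check
    # and the threshold comparison are not subject to binary float rounding.
    obj = json.loads(raw, parse_float=Decimal, parse_int=Decimal)
    if not isinstance(obj, dict):
        raise ValueError("triple must be a JSON object")
    for key in TRIPLE_FIELDS:
        if not isinstance(obj.get(key), str) or not obj[key].strip():
            raise ValueError(f"{key} must be a non-empty string")
    score = obj.get("score")
    # NaN/Infinity literals arrive as float and booleans as bool: both rejected.
    if not isinstance(score, Decimal):
        raise ValueError("score must be a JSON number")
    if score.as_tuple().exponent < -2:  # assumption: two decimals is the maximum
        raise ValueError("score has more than two decimal places")
    if not Decimal(0) <= score <= Decimal(1):  # assumption: confidence lies in 0..1
        raise ValueError("score outside 0..1")
    return obj


def triage(raw):
    """Return 'store', 'hold' (hypothetical label) or 'rejected: <reason>'."""
    try:
        triple = parse_triple(raw)
    except ValueError as err:  # also covers malformed JSON (JSONDecodeError)
        return f"rejected: {err}"
    return "store" if triple["score"] >= STORE_THRESHOLD else "hold"


# Constructed samples; only the first triple appears on the page.
SAMPLES = [
    '{"subjectName": "Heartbleed", "predicateName": "Affected component", "objectName": "OpenSSL", "score": 0.92}',
    '{"subjectName": "ToolA", "predicateName": "Alias of", "objectName": "ToolB", "score": 0.79}',
    '{"subjectName": "ToolA", "predicateName": "Alias of", "objectName": "ToolB", "score": 0.8000001}',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```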

Implementation suggestions

  1. The knowledge verification module should establish a multi-dimensional evaluation system, including data source authority, extraction rule coverage, time decay factor, etc.
  2. For entity disambiguation, pre-trained models such as BERT-wwm are recommended to improve context understanding.
  3. Knowledge updates need to be versioned, and historical change records must be retained to meet audit requirements.

Standard Evolution Analysis

Compared with the international standard ISO/IEC 27005, the innovation of this standard is that it clarifies, for the first time, the closed-loop process of cybersecurity knowledge acquisition (extraction → linking → deduction → verification → updating) and defines quantitative evaluation indicators for each link. In the future, attention should be paid to adapting the standard to technologies such as knowledge federation learning and multimodal data fusion.

YD/T 4589-2023 history

  • 2023 YD/T 4589-2023 Cyberspace Security Simulation Functional Requirements of Cybersecurity Knowledge Acquisition System

Update: Wed, 03 Jun 2026 06:31:09 +0000