Cyber threat indicators extraction based on contextual knowledge prompt

Impact factor 4.4 · CAS Zone 2 (Computer Science) · JCR Q1, COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
DOI: 10.1016/j.comnet.2024.110839
Journal: Computer Networks (journal article), published 2024-10-01
Publisher page: https://www.sciencedirect.com/science/article/pii/S1389128624006716
Open access: no
Citations: 0

Abstract

Extracting Indicators of Compromise (IOC) from security-related social data (e.g., security blogs, hacker forums) is crucial for predicting cyber risks and mitigating cyber attacks proactively. However, existing IOC extraction approaches suffer from two serious limitations. First, they fail to learn multi-granular and fine-grained IOC features, resulting in high false positives. Second, current methods cannot incorporate symbolic rules and contextual knowledge, resulting in poor interpretability. In this paper, we propose AIIOC, an Accurate and Interpretable IOC extraction model based on contextual knowledge prompts. In particular, AIIOC first proposes a multi-granularity attention mechanism to learn fine-grained IOC features and boost the accuracy of IOC identification. Additionally, AIIOC designs a novel sequence labeling method that integrates symbolic rules and contextual knowledge prompts, which can encode symbolic rules and the contextual semantics of IOCs in trainable recurrent neural networks to improve both accuracy and interpretability. Experimental results on two real-world datasets verify that AIIOC outperforms state-of-the-art methods and showcases promising interpretability by incorporating symbolic rules and contextual knowledge prompts.
Source journal: Computer Networks (Engineering & Technology, Telecommunications)
CiteScore: 10.80
Self-citation rate: 3.60%
Articles published per year: 434
Review time: 8.6 months
Journal description: Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.