Useful Cyber Threat Intelligence Relation Retrieval Using Transfer Learning

Authors: Chia-Mei Chen, Fang-Hsuan Hsu, Jenq-Neng Hwang
Published in: Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference
Publication date: 2023-06-14
DOI: 10.1145/3590777.3590784 (https://doi.org/10.1145/3590777.3590784)
Source platform: Semanticscholar

The emergence of hacker groups increases the complexity and frequency of cyberattacks. To adapt to rapidly evolving cyberattacks, businesses need to acquire valuable information from security incident reports so that they gain visibility into the fast-evolving threat landscape and can deploy preventive measures in a timely manner. Because such threat intelligence is mostly presented in textual reports, it has to be extracted manually by security analysts, and the result is highly dependent on personnel experience. This research proposes a novel cyber threat intelligence extraction system called “CARE” (Cyber Attack Relation Extraction) that extracts critical threat entities and presents their relationships in both graphical and textual forms, helping cybersecurity staff quickly grasp the key information in security reports. To capture attack-related information, this study adopts BERT to enhance contextualized word representation and applies transfer learning to extract the relations among threat entities. The evaluation results show that the proposed CARE system achieves a 97% F1-score on relation extraction and that it could retrieve useful threat information effectively.