An Automatic Generation Approach of the Cyber Threat Intelligence Records Based on Multi-Source Information Fusion

2021, Vol 13 (2), pp. 40
Author(s): Tianfang Sun, Pin Yang, Mengming Li, Shan Liao

With the progressive deterioration of cyber threats, collecting cyber threat intelligence (CTI) from open-source threat intelligence publishing platforms (OSTIPs) can help information security personnel grasp public opinion on specific issues, handle emergency events, and even confront advanced persistent threats. However, due to the explosive growth of information shared on multi-type OSTIPs, collecting CTI manually is inefficient. Articles published on OSTIPs are unstructured, which makes it a pressing challenge to gather CTI records automatically through natural language processing (NLP) methods alone. To remedy these limitations, this paper proposes an automatic approach to generate CTI records based on multi-type OSTIPs (GCO), combining NLP methods, machine learning methods, and cybersecurity threat intelligence knowledge. The experimental results demonstrate that the proposed GCO outperformed several state-of-the-art approaches on article classification and cybersecurity intelligence details (CSIs) extraction, with accuracy, precision, and recall all over 93%; finally, the generated records in the Neo4j-based CTI database can help reveal malicious threat groups.

2021, Vol 2021, pp. 1-12
Author(s): Huixia Zhang, Guowei Shen, Chun Guo, Yunhe Cui, Chaohui Jiang

With the increasing complexity of network attacks, an active defense based on intelligence sharing becomes crucial. An important issue in intelligence analysis is the automatic extraction of threat actions from cyber threat intelligence (CTI) reports. To address this problem, we propose EX-Action, a framework for extracting threat actions from CTI reports. EX-Action finds candidate threat actions with natural language processing (NLP) techniques and identifies actions with a multimodal learning algorithm. At the same time, a metric is used to evaluate the information completeness of the actions extracted by EX-Action. Experiments on CTI reports consisting of sentences with complex structure indicate that EX-Action achieves better performance than two state-of-the-art action extraction methods in terms of accuracy, recall, precision, and F1-score.


Author(s): John Robertson, Ahmad Diab, Ericsson Marin, Eric Nunes, Vivin Paliath, ...

Author(s): Nolan Arnold, Mohammadreza Ebrahimi, Ning Zhang, Ben Lazarine, Mark Patton, ...

2019, Vol 11 (7), pp. 162
Author(s): Nikolaos Serketzis, Vasilios Katos, Christos Ilioudis, Dimitrios Baltatzis, Georgios Pangalos

The growing complexity of information technology and the proliferation of heterogeneous security devices that produce increasing volumes of data, coupled with the ever-changing threat landscape, have an adverse impact on the efficiency of information security controls, digital forensics, and incident response approaches. Cyber Threat Intelligence (CTI) and forensic preparedness are the two parts of the so-called managed security services that defenders can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. In these experiments, the model identifies the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while significantly decreasing the volume of data that digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.

