亲爱的研友该休息了!由于当前在线用户较少,发布求助请尽量完整地填写文献信息,科研通机器人24小时在线,伴您度过漫漫科研夜!身体可是革命的本钱,早点休息,好梦!

Cyber threat attribution using unstructured reports in cyber threat intelligence

计算机科学 人工智能 计算机安全 机器学习 恶意软件 任务(项目管理) 鉴定(生物学) 网络攻击 领域(数学分析) 数学分析 植物 管理 数学 经济 生物
作者
Ehtsham Irshad,Abdul Basit Siddiqui
出处
期刊:Egyptian Informatics Journal [Elsevier BV]
卷期号:24 (1): 43-59 被引量:29
标识
DOI:10.1016/j.eij.2022.11.001
摘要

Cyber-threat attribution is the identification of attacker responsible for a cyber-attack. It is a challenging task as attacker uses different obfuscation and deception techniques to hide its identity. After an attack has occurred, digital forensic investigation is conducted to collect evidence from network/system logs. After investigation and collecting evidence reports are published in multiple formats such as text and PDF. There is no standard format for publishing these reports, so extracting meaningful information from these reports is a challenging task. Manual extraction of features from unstructured cyber-threat intelligence (CTI) is a difficult task. There is a need for an automated mechanism to extract features from unstructured reports and attribute cyber-threat actor (CTA). The aim of this research is to develop a mechanism to attribute or profile cyber threat actors (CTA) by extracting features from CTI reports. Moreover define a methodology to extract features from unstructured CTI reports by using natural language processing (NLP) techniques and then attributing cyber threat actor by using machine learning algorithms. Extracting features i.e., tactics, techniques, tools, malware, target organization/country and application by using novel embedding model known as" Attack2vec" which is trained on domain specific embeddings. Training model on domain specific embedding produces high results as compared to model train on general embeddings specially in the field of cyber security. Results of this novel model is compared with different methods. Machine learning algorithms such as decision tree, random forest, support vector machine is used for classification of CTA. This novel model produces high results as compared to other models with Accuracy of 96%, Precision of 96.4%, Recall of 95.58% and F1-measure of 95.75%.
最长约 10秒,即可获得该文献文件

科研通智能强力驱动
Strongly Powered by AbleSci AI
科研通是完全免费的文献互助平台,具备全网最快的应助速度,最高的求助完成率。 对每一个文献求助,科研通都将尽心尽力,给求助人一个满意的交代。
实时播报
刚刚
时尚梦易应助awa606采纳,获得10
3秒前
Tashanzhishi完成签到,获得积分10
4秒前
舒心外套发布了新的文献求助10
7秒前
Lucas应助舒心外套采纳,获得30
17秒前
帅气的芷文完成签到,获得积分10
41秒前
paradox完成签到 ,获得积分10
49秒前
小白完成签到 ,获得积分10
1分钟前
机智的苗条完成签到,获得积分10
1分钟前
英姑应助Sience采纳,获得10
1分钟前
2分钟前
Sience发布了新的文献求助10
2分钟前
闪闪的雪卉完成签到,获得积分10
2分钟前
桐桐应助zy采纳,获得10
2分钟前
2分钟前
lenne完成签到,获得积分10
2分钟前
2分钟前
zy发布了新的文献求助10
2分钟前
舒心外套发布了新的文献求助30
2分钟前
zy完成签到,获得积分10
2分钟前
领导范儿应助随机科研采纳,获得10
2分钟前
CipherSage应助舒心外套采纳,获得30
2分钟前
刘一手发布了新的文献求助10
2分钟前
edwardyhc发布了新的文献求助10
3分钟前
刘一手完成签到,获得积分20
3分钟前
3分钟前
AH发布了新的文献求助10
3分钟前
菜菜完成签到 ,获得积分10
3分钟前
3分钟前
AH完成签到,获得积分10
4分钟前
4分钟前
edwardyhc发布了新的文献求助10
4分钟前
可靠花生完成签到,获得积分10
4分钟前
开心惜梦完成签到,获得积分10
4分钟前
无极微光应助常山赵紫龍采纳,获得20
5分钟前
5分钟前
沉默寻凝完成签到,获得积分10
5分钟前
JamesPei应助常山赵紫龍采纳,获得10
5分钟前
香蕉觅云应助黑色空格采纳,获得10
6分钟前
6分钟前
高分求助中
Principles of Economics, 11th Edition 10000
University Physics with Modern Physics, 16th edition 10000
(应助此贴封号)【重要!!请各用户(尤其是新用户)详细阅读】【科研通的精品贴汇总】 10000
Development of a Bridge Weigh-In-Motion System: A technology to convert the bridge response to the passage of traffic into data on vehicle configurations, speeds, times of travel and weights 1000
ズームレンズの光学設計に関する研究 800
Fundamentals of Pharmaceutical and Biologics Regulations: A Global Perspective, Second Edition 700
Matrix Methods in Data Mining and Pattern Recognition Second Edition 610
热门求助领域 (近24小时)
化学 材料科学 医学 生物 纳米技术 工程类 有机化学 化学工程 生物化学 计算机科学 内科学 物理 复合材料 催化作用 细胞生物学 无机化学 光电子学 物理化学 电极 基因
热门帖子
关注 科研通微信公众号,转发送积分 7281916
求助须知:如何正确求助?哪些是违规求助? 8902780
关于积分的说明 18833503
捐赠科研通 6953149
什么是DOI,文献DOI怎么找? 3207531
关于科研通互助平台的介绍 2377815
邀请新用户注册赠送积分活动 2182711