A System for Automated Open-Source Threat Intelligence Gathering and
Management
- URL: http://arxiv.org/abs/2101.07769v2
- Date: Fri, 26 Feb 2021 20:50:51 GMT
- Title: A System for Automated Open-Source Threat Intelligence Gathering and
Management
- Authors: Peng Gao, Xiaoyuan Liu, Edward Choi, Bhavna Soman, Chinmaya Mishra,
Kate Farris, Dawn Song
- Abstract summary: SecurityKG is a system for automated OSCTI gathering and management.
It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
- Score: 53.65687495231605
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: To remain aware of the fast-evolving cyber threat landscape, open-source
Cyber Threat Intelligence (OSCTI) has received growing attention from the
community. Commonly, knowledge about threats is presented in a vast number of
OSCTI reports. Despite the pressing need for high-quality OSCTI, existing OSCTI
gathering and management platforms, however, have primarily focused on
isolated, low-level Indicators of Compromise. On the other hand, higher-level
concepts (e.g., adversary tactics, techniques, and procedures) and their
relationships have been overlooked, which contain essential knowledge about
threat behaviors that is critical to uncovering the complete threat scenario.
To bridge the gap, we propose SecurityKG, a system for automated OSCTI
gathering and management. SecurityKG collects OSCTI reports from various
sources, uses a combination of AI and NLP techniques to extract high-fidelity
knowledge about threat behaviors, and constructs a security knowledge graph.
SecurityKG also provides a UI that supports various types of interactivity to
facilitate knowledge graph exploration.
Related papers
- SeCTIS: A Framework to Secure CTI Sharing [13.251593345960265]
The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks.
Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to leaks of both proprietary and confidential data.
We design a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing) to enable businesses to collaborate, preserving the privacy of their CTI data.
arXiv Detail & Related papers (2024-06-20T08:34:50Z) - NLP-Based Techniques for Cyber Threat Intelligence [13.958337678497163]
Survey paper provides a comprehensive overview of NLP-based techniques applied in the context of threat intelligence.
It begins by describing the foundational definitions and principles of CTI as a major tool for safeguarding digital assets.
It then undertakes a thorough examination of NLP-based techniques for CTI data crawling from Web sources, CTI data analysis, Relation Extraction from cybersecurity data, CTI sharing and collaboration, and security threats of CTI.
arXiv Detail & Related papers (2023-11-15T09:23:33Z) - On the Security Risks of Knowledge Graph Reasoning [71.64027889145261]
We systematize the security threats to KGR according to the adversary's objectives, knowledge, and attack vectors.
We present ROAR, a new class of attacks that instantiate a variety of such threats.
We explore potential countermeasures against ROAR, including filtering of potentially poisoning knowledge and training with adversarially augmented queries.
arXiv Detail & Related papers (2023-05-03T18:47:42Z) - ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management [65.0114141380651]
ThreatKG is an automated system for OSCTI gathering and management.
It efficiently collects a large number of OSCTI reports from multiple sources.
It uses specialized AI-based techniques to extract high-quality knowledge about various threat entities.
arXiv Detail & Related papers (2022-12-20T16:13:59Z) - Towards Automated Classification of Attackers' TTPs by combining NLP
with ML Techniques [77.34726150561087]
We evaluate and compare different Natural Language Processing (NLP) and machine learning techniques used for security information extraction in research.
Based on our investigations we propose a data processing pipeline that automatically classifies unstructured text according to attackers' tactics and techniques.
arXiv Detail & Related papers (2022-07-18T09:59:21Z) - Blockchained Federated Learning for Threat Defense [0.0]
This research paper introduces the development of an intelligent Threat Defense system, employing Federated Learning.
The proposed framework combines Federated Learning for the distributed and continuously validated learning of the tracing algorithms.
The aim of the proposed Framework is to intelligently classify smart cities networks traffic derived from Industrial IoT (IIoT) by Deep Content Inspection (DCI) methods.
arXiv Detail & Related papers (2021-02-25T09:16:48Z) - A System for Efficiently Hunting for Cyber Threats in Computer Systems
Using Threat Intelligence [78.23170229258162]
We build ThreatRaptor, a system that facilitates cyber threat hunting in computer systems using OSCTI.
ThreatRaptor provides (1) an unsupervised, light-weight, and accurate NLP pipeline that extracts structured threat behaviors from unstructured OSCTI text, (2) a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities, and (3) a query synthesis mechanism that automatically synthesizes a TBQL query from the extracted threat behaviors.
arXiv Detail & Related papers (2021-01-17T19:44:09Z) - Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence [94.94833077653998]
ThreatRaptor is a system that facilitates threat hunting in computer systems using open-source Cyber Threat Intelligence (OSCTI)
It extracts structured threat behaviors from unstructured OSCTI text and uses a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities.
Evaluations on a broad set of attack cases demonstrate the accuracy and efficiency of ThreatRaptor in practical threat hunting.
arXiv Detail & Related papers (2020-10-26T14:54:01Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.