Proactive security defense: cyber threat intelligence modeling for connected autonomous vehicles
- URL: http://arxiv.org/abs/2410.16016v1
- Date: Mon, 21 Oct 2024 13:49:35 GMT
- Title: Proactive security defense: cyber threat intelligence modeling for connected autonomous vehicles
- Authors: Yinghui Wang, Yilong Ren, Zhiyong Cui, Haiyang Yu,
- Abstract summary: We suggest an automotive CTI modeling framework, Actim, to extract and analyse the interrelated relationships among cyber threat elements.
Experiment results show that the proposed BERT-DocHiatt-BiLSTM-LSTM model exceeds the performance of existing methods.
- Score: 18.956583063203738
- License:
- Abstract: Cybersecurity has become a crucial concern in the field of connected autonomous vehicles. Cyber threat intelligence (CTI), as the collection of cyber threat information, offers an ideal way for responding to emerging cyber threats and realizing proactive security defense. However, instant analysis and modeling of vehicle cybersecurity data is a fundamental challenge since its complex and professional context. In this paper, we suggest an automotive CTI modeling framework, Actim, to extract and analyse the interrelated relationships among cyber threat elements. Specifically, we first design a vehicle security-safety conceptual ontology model to depict various threat entity classes and their relations. Then, we manually annotate the first automobile CTI corpus by using real cybersecurity data, which comprises 908 threat intelligence texts, including 8195 entities and 4852 relationships. To effectively extract cyber threat entities and their relations, we propose an automotive CTI mining model based on cross-sentence context. Experiment results show that the proposed BERT-DocHiatt-BiLSTM-LSTM model exceeds the performance of existing methods. Finally, we define entity-relation matching rules and create a CTI knowledge graph that structurally fuses various elements of cyber threats. The Actim framework enables mining the intrinsic connections among threat entities, providing valuable insight on the evolving cyber threat landscape.
Related papers
- CTINEXUS: Leveraging Optimized LLM In-Context Learning for Constructing Cybersecurity Knowledge Graphs Under Data Scarcity [49.657358248788945]
Textual descriptions in cyber threat intelligence (CTI) reports are rich sources of knowledge about cyber threats.
Current CTI extraction methods lack flexibility and generalizability, often resulting in inaccurate and incomplete knowledge extraction.
We propose CTINexus, a novel framework leveraging optimized in-context learning (ICL) of large language models.
arXiv Detail & Related papers (2024-10-28T14:18:32Z) - A dataset for cyber threat intelligence modeling of connected autonomous vehicles [17.58243748365034]
This paper reports the creation of a cyber threat intelligence corpus focusing on vehicle cybersecurity knowledge mining.
The proposed dataset will serve as a valuable resource for evaluating the performance of existing algorithms and advancing research in cyber threat intelligence modeling within the automotive field.
arXiv Detail & Related papers (2024-10-18T16:55:12Z) - SEvenLLM: Benchmarking, Eliciting, and Enhancing Abilities of Large Language Models in Cyber Threat Intelligence [27.550484938124193]
This paper introduces a framework to benchmark, elicit, and improve cybersecurity incident analysis and response abilities.
We create a high-quality bilingual instruction corpus by crawling cybersecurity raw text from cybersecurity websites.
The instruction dataset SEvenLLM-Instruct is used to train cybersecurity LLMs with the multi-task learning objective.
arXiv Detail & Related papers (2024-05-06T13:17:43Z) - Graph Mining for Cybersecurity: A Survey [61.505995908021525]
The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society.
Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities.
With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
arXiv Detail & Related papers (2023-04-02T08:43:03Z) - Reinforcement Learning based Cyberattack Model for Adaptive Traffic
Signal Controller in Connected Transportation Systems [61.39400591328625]
In a connected transportation system, adaptive traffic signal controllers (ATSC) utilize real-time vehicle trajectory data received from vehicles to regulate green time.
This wirelessly connected ATSC increases cyber-attack surfaces and increases their vulnerability to various cyber-attack modes.
One such mode is a'sybil' attack in which an attacker creates fake vehicles in the network.
An RL agent is trained to learn an optimal rate of sybil vehicle injection to create congestion for an approach(s)
arXiv Detail & Related papers (2022-10-31T20:12:17Z) - Recognizing and Extracting Cybersecurtity-relevant Entities from Text [1.7499351967216343]
Cyber Threat Intelligence (CTI) is information describing threat vectors, vulnerabilities, and attacks.
CTI is often used as training data for AI-based cyber defense systems such as Cybersecurity Knowledge Graphs (CKG)
arXiv Detail & Related papers (2022-08-02T18:44:06Z) - Simulating Malicious Attacks on VANETs for Connected and Autonomous
Vehicle Cybersecurity: A Machine Learning Dataset [0.4129225533930965]
Connected and Autonomous Vehicles (CAVs) rely on Vehicular Adhoc Networks with wireless communication between vehicles and roadside infrastructure to support safe operation.
cybersecurity attacks pose a threat to VANETs and the safe operation of CAVs.
This study proposes the use of simulation for modelling typical communication scenarios which may be subject to malicious attacks.
arXiv Detail & Related papers (2022-02-15T20:08:58Z) - Generating Cyber Threat Intelligence to Discover Potential Security
Threats Using Classification and Topic Modeling [6.0897744845912865]
Cyber Threat Intelligence (CTI) has been represented as one of the proactive and robust mechanisms.
Our goal is to identify and explore relevant CTI from hacker forums by using different supervised and unsupervised learning techniques.
arXiv Detail & Related papers (2021-08-16T02:30:29Z) - A System for Automated Open-Source Threat Intelligence Gathering and
Management [53.65687495231605]
SecurityKG is a system for automated OSCTI gathering and management.
It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
arXiv Detail & Related papers (2021-01-19T18:31:35Z) - A System for Efficiently Hunting for Cyber Threats in Computer Systems
Using Threat Intelligence [78.23170229258162]
We build ThreatRaptor, a system that facilitates cyber threat hunting in computer systems using OSCTI.
ThreatRaptor provides (1) an unsupervised, light-weight, and accurate NLP pipeline that extracts structured threat behaviors from unstructured OSCTI text, (2) a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities, and (3) a query synthesis mechanism that automatically synthesizes a TBQL query from the extracted threat behaviors.
arXiv Detail & Related papers (2021-01-17T19:44:09Z) - Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence [94.94833077653998]
ThreatRaptor is a system that facilitates threat hunting in computer systems using open-source Cyber Threat Intelligence (OSCTI)
It extracts structured threat behaviors from unstructured OSCTI text and uses a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities.
Evaluations on a broad set of attack cases demonstrate the accuracy and efficiency of ThreatRaptor in practical threat hunting.
arXiv Detail & Related papers (2020-10-26T14:54:01Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.