Paper title

Automatic Mapping of Unstructured Cyber Threat Intelligence: An Experimental Study

Paper authors

Vittorio Orbinato, Mariarosaria Barbaraci, Roberto Natella, Domenico Cotroneo

Abstract

Proactive approaches to security, such as adversary emulation, leverage information about threat actors and their techniques (Cyber Threat Intelligence, CTI). However, most CTI still comes in unstructured forms (i.e., natural language), such as incident reports and leaked documents. To support proactive security efforts, we present an experimental study on the automatic classification of unstructured CTI into attack techniques using machine learning (ML). We contribute with two new datasets for CTI analysis, and we evaluate several ML models, including both traditional and deep learning-based ones. We present several lessons learned about how ML can perform at this task, which classifiers perform best and under which conditions, which are the main causes of classification errors, and the challenges ahead for CTI analysis.
