
Noise Contrastive Estimation-based Matching Framework for Low-Resource Security Attack Pattern Recognition (2401.10337v3)

Published 18 Jan 2024 in cs.LG, cs.AI, cs.CL, and cs.CR

Abstract: Tactics, Techniques and Procedures (TTPs) represent sophisticated attack patterns in the cybersecurity domain, described encyclopedically in textual knowledge bases. Identifying TTPs in cybersecurity writing, often called TTP mapping, is an important and challenging task. Conventional learning approaches often target the problem in the classical multi-class or multilabel classification setting. This setting hinders the learning ability of the model due to a large number of classes (i.e., TTPs), the inevitable skewness of the label distribution and the complex hierarchical structure of the label space. We formulate the problem in a different learning paradigm, where the assignment of a text to a TTP label is decided by the direct semantic similarity between the two, thus reducing the complexity of competing solely over the large labeling space. To that end, we propose a neural matching architecture with an effective sampling-based learn-to-compare mechanism, facilitating the learning process of the matching model despite constrained resources.
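The matching formulation the abstract describes, as an added illustration that is not the paper's code or model. It assumes a bag-of-words encoder in place of the neural matcher, constructed label texts for four MITRE ATT&CK technique IDs, and a generic sampled softmax contrastive objective rather than the paper's own loss.

```python
import math
import random
import re
from collections import Counter

# Constructed, paraphrased label texts keyed by MITRE ATT&CK technique ID.
TTP_TEXT = {
    "T1566": "phishing adversaries send email messages with malicious attachment or link to gain access",
    "T1059": "command and scripting interpreter adversaries abuse shell or script interpreters to execute commands",
    "T1003": "os credential dumping adversaries dump credentials and password hashes from memory",
    "T1486": "data encrypted for impact adversaries encrypt files on target systems to interrupt availability",
}

def embed(text):
    """Bag-of-words vector; a stand-in for a learned neural text encoder."""
    return Counter(re.findall(r"[a-z]+", text.lower()))

def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a)
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def rank_ttps(sentence):
    """Score the sentence against every label text and sort by similarity,
    instead of taking an argmax over a fixed classification head."""
    s = embed(sentence)
    scores = {tid: cosine(s, embed(desc)) for tid, desc in TTP_TEXT.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def sampled_contrastive_loss(sentence, positive, k=2, temperature=0.1, rng=None):
    """-log softmax of the positive's score against k sampled negative labels,
    so one training step never touches the full label space."""
    rng = rng or random.Random(0)
    negatives = rng.sample([t for t in TTP_TEXT if t != positive], k)
    s = embed(sentence)
    logits = [cosine(s, embed(TTP_TEXT[t])) / temperature for t in [positive] + negatives]
    log_z = math.log(sum(math.exp(x) for x in logits))
    return log_z - logits[0]

if __name__ == "__main__":
    # Constructed report sentence.
    report = "The actor sent an email with a malicious attachment to the finance team."
    print(rank_ttps(report))
    print(sampled_contrastive_loss(report, "T1566"), sampled_contrastive_loss(report, "T1486"))
```

Because labels are compared as text, a rare or newly added technique only needs a description to be rankable, which is the property that matters under a skewed label distribution.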

Authors (3)
  1. Tu Nguyen (15 papers)
  2. Alexander Neth (1 paper)
  3. Nedim Šrndić (1 paper)