
TTPXHunter: Actionable Threat Intelligence Extraction as TTPs from Finished Cyber Threat Reports (2403.03267v3)

Published 5 Mar 2024 in cs.CR

Abstract: Understanding the modus operandi of adversaries aids organizations in employing efficient defensive strategies and sharing intelligence in the community. This knowledge is often present in unstructured natural language text within threat analysis reports. A translation tool is needed to interpret the modus operandi explained in the sentences of the threat report and translate it into a structured format. This research introduces a methodology named TTPXHunter for the automated extraction of threat intelligence in terms of Tactics, Techniques, and Procedures (TTPs) from finished cyber threat reports. It leverages cyber domain-specific state-of-the-art NLP to augment sentences for minority-class TTPs and to significantly refine the pinpointing of TTPs in threat analysis reports. The knowledge of threat intelligence in terms of TTPs is essential for comprehensively understanding cyber threats and enhancing detection and mitigation strategies. We create two datasets: an augmented sentence-TTP dataset of 39,296 samples and a report-to-TTP dataset of 149 real-world cyber threat intelligence reports. Further, we evaluate TTPXHunter on the augmented sentence dataset and on the cyber threat reports. TTPXHunter achieves the highest performance of 92.42% F1-score on the augmented dataset, and it also outperforms existing state-of-the-art solutions in TTP extraction by achieving an F1-score of 97.09% when evaluated over the report dataset. TTPXHunter significantly improves cybersecurity threat intelligence by offering quick, actionable insights into attacker behaviors. This advancement automates threat intelligence analysis, providing a crucial tool for cybersecurity professionals fighting cyber threats.
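The abstract reports two different F1 figures, one on sentence-level labels and one on whole reports. The example below is added here to make that distinction concrete; it is not code from the TTPXHunter paper. A constructed keyword matcher stands in for the paper's NLP model, the reports, sentences, gold labels and cue phrases are constructed sample data, and report-level scoring is assumed to compare the deduplicated set of techniques predicted for a report against the set annotated for it. The sample deliberately contains one sentence-level miss that another sentence in the same report recovers, and one false positive caused by a technique being mentioned rather than used, so the sentence-level and report-level scores diverge.

```python
"""Sentence-level vs. report-level scoring of a multi-label TTP extractor.

Added example, not code from the TTPXHunter paper. extract_ttps() is a
constructed keyword stand-in for a trained classifier; SAMPLE_REPORTS is
constructed data. Report-level scoring is an assumption: the union of
techniques predicted over a report's sentences is compared with the union
of its gold labels.
"""
from typing import Dict, List, Set, Tuple

# Constructed cue phrases keyed by MITRE ATT&CK technique ID (assumed mapping).
KEYWORD_RULES: Dict[str, Tuple[str, ...]] = {
    "T1566.001": ("spearphishing attachment", "malicious attachment"),
    "T1059.001": ("powershell",),
    "T1053.005": ("scheduled task", "schtasks"),
    "T1071.001": ("http beacon", "https beacon", "web protocols"),
    "T1027": ("obfuscat", "base64-encoded"),
}

# Constructed reports: report name -> list of (sentence, gold technique set).
SAMPLE_REPORTS: Dict[str, List[Tuple[str, Set[str]]]] = {
    "report-A": [
        ("The actor delivered a spearphishing attachment to finance staff.", {"T1566.001"}),
        ("The macro launched an obfuscated PowerShell loader.", {"T1059.001", "T1027"}),
        ("Persistence was established via a scheduled task named Updater.", {"T1053.005"}),
        # Cue phrase does not match this wording: a sentence-level false negative.
        ("The implant beaconed over HTTPS to its C2 every 60 seconds.", {"T1071.001"}),
        # Same technique caught here, so the report-level set is still complete.
        ("Analysts recovered the HTTPS beacon configuration from memory.", {"T1071.001"}),
    ],
    "report-B": [
        ("Initial access came through a malicious attachment.", {"T1566.001"}),
        ("The dropper decoded a base64-encoded payload in memory.", {"T1027"}),
        # Mentions PowerShell without the adversary using it: a false positive
        # for a keyword matcher, which is the kind of case context-aware NLP must handle.
        ("The operators reviewed PowerShell logging guidance in the vendor advisory.", set()),
    ],
}


def extract_ttps(sentence: str) -> Set[str]:
    """Stand-in multi-label extractor: every technique whose cue phrase appears."""
    text = sentence.lower()
    return {tid for tid, cues in KEYWORD_RULES.items() if any(c in text for c in cues)}


def prf(tp: int, fp: int, fn: int) -> Tuple[float, float, float]:
    """Precision, recall and F1 from raw counts, defined as 0 when undefined."""
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return precision, recall, f1


def micro_f1(pairs: List[Tuple[Set[str], Set[str]]]) -> float:
    """Micro F1 over (predicted, gold) label sets: TP/FP/FN pooled across all pairs."""
    tp = fp = fn = 0
    for pred, gold in pairs:
        tp += len(pred & gold)
        fp += len(pred - gold)
        fn += len(gold - pred)
    return prf(tp, fp, fn)[2]


def macro_f1(pairs: List[Tuple[Set[str], Set[str]]]) -> float:
    """Macro F1: per-technique F1 averaged with equal weight, so rare TTPs count fully."""
    labels = set().union(*[p | g for p, g in pairs])
    scores = []
    for lab in sorted(labels):
        tp = sum(1 for p, g in pairs if lab in p and lab in g)
        fp = sum(1 for p, g in pairs if lab in p and lab not in g)
        fn = sum(1 for p, g in pairs if lab not in p and lab in g)
        scores.append(prf(tp, fp, fn)[2])
    return sum(scores) / len(scores) if scores else 0.0


def evaluate(reports: Dict[str, List[Tuple[str, Set[str]]]]) -> Dict[str, float]:
    """Score the extractor per sentence and per report (report = union of its sentences)."""
    sentence_pairs: List[Tuple[Set[str], Set[str]]] = []
    report_pairs: List[Tuple[Set[str], Set[str]]] = []
    for _name, sentences in reports.items():
        pred_report: Set[str] = set()
        gold_report: Set[str] = set()
        for sentence, gold in sentences:
            pred = extract_ttps(sentence)
            sentence_pairs.append((pred, gold))
            pred_report |= pred
            gold_report |= gold
        report_pairs.append((pred_report, gold_report))
    return {
        "sentence_micro_f1": micro_f1(sentence_pairs),
        "sentence_macro_f1": macro_f1(sentence_pairs),
        "report_micro_f1": micro_f1(report_pairs),
    }


if __name__ == "__main__":
    for metric, value in evaluate(SAMPLE_REPORTS).items():
        print(f"{metric}: {value:.4f}")
```

On the constructed data the report-level micro F1 is higher than the sentence-level one because the missed sentence in report-A is covered by a later sentence, while the false positive in report-B survives aggregation. When comparing a tool's numbers against the figures quoted above, check which of these two granularities was scored, and prefer macro F1 when the goal is coverage of minority-class TTPs, since micro F1 is dominated by frequent techniques.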

Authors (4)
  1. Nanda Rani (10 papers)
  2. Bikash Saha (8 papers)
  3. Vikas Maurya (4 papers)
  4. Sandeep Kumar Shukla (20 papers)
Citations (2)
