Cyber Threat Intelligence Extraction in Power Sector Using Deep Learning

Authors

  • Abir Dutta, Dept. of Computer Sc. and Engg., Sharda University, Greater Noida, India
  • Bharat Bhushan, Dept. of Computer Sc. and Engg., Sharda University, Greater Noida, India
  • Shri Kant, Center of Cyber Security and Cryptology, Sharda University, Greater Noida, India

Keywords

Multi-Instance Learning, Cyber Threat Intelligence, Tactics, Techniques and Procedures (TTPs), Behaviour Analysis, Information Extraction

Abstract

Identification and extraction of techniques, tactics, and procedures (TTPs) in the cyber threat intelligence (CTI) domain helps security analysts determine technical risks and recover the full picture of a cyber-attack. Without sufficient domain background, existing frameworks can scarcely offer standard and comprehensive processing methods for extracting TTP information. In this study, a multi-instance learning method called Power Sector Mask is proposed as a remedy for these shortcomings. Power Sector Mask collects behavioural epochs from CTI and, using a conditional distribution, forecasts the labels of TTPs. The framework also provides two ways to assess the legitimacy of terms: one employs empirical verification by obstructing already-existing epochs, the other confirms the misrepresentation of the categorization effect. In the trials, the power sector mask models AR_mask, SV_mask and MP_mask achieved F1 scores for TTP Techniques of 20.70%, 68.33% and 68.50%, and F1 scores for TTP Tactics with CNN and RNN of 30.7%, 67.34% and 69.70% respectively. In particular, the deep learning models' F1 score for Tactics classification is better or lower than that of the mask models for Techniques. In this research we also confirm the feasibility of obtaining TTPs from malware, with an enhanced F1 of POS-CNN that is better/lower than all CNN and RNN models.

Published

24.03.2024

How to Cite

Dutta, A., Bhushan, B., & Kant, S. (2024). Cyber Threat Intelligence Extraction in Power Sector Using Deep Learning. International Journal of Intelligent Systems and Applications in Engineering, 12(20s), 34–46. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/5117

Section

Research Article