AI Security Portal K Program
AttackER: Towards Enhancing Cyber-Attack Attribution with a Named Entity Recognition Dataset
Abstract
Cyber-attack attribution is an important process that allows experts to put in place attacker-oriented countermeasures and legal actions. Analysts mainly perform attribution manually, given the complex nature of this task. AI and, more specifically, Natural Language Processing (NLP) techniques can be leveraged to support cybersecurity analysts during the attribution process. However powerful these techniques are, they need to deal with the lack of datasets in the attack attribution domain. In this work, we fill this gap and provide, to the best of our knowledge, the first dataset on cyber-attack attribution. We designed our dataset with the primary goal of extracting attack attribution information from cybersecurity texts, utilizing named entity recognition (NER) methodologies from the field of NLP. Unlike other cybersecurity NER datasets, ours offers a rich set of annotations with contextual details, including some that span phrases and sentences. We conducted extensive experiments and applied NLP techniques to demonstrate the dataset's effectiveness for attack attribution. These experiments highlight the potential of Large Language Models (LLMs) to improve NER tasks in cybersecurity datasets for cyber-attack attribution.