Paragraph-based Estimation of Cyber Kill Chain Phase from Threat Intelligence Reports

THEIN, Thin Tharaphe; Ezawa, Yuki; Nakagawa, Shunta; Furumoto, Keisuke; Shiraishi, Yoshiaki; Mohri, Masami; Takano, Yasuhiro; Morii, Masakatu

doi:10.2197/ipsjjip.28.1025

Cited by 2 publications

(1 citation statement)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Also, none of this research captures detailed attack patterns in a standardized format nor utilizes CTI reports for analysis. In [41], Thein et al propose a neural network approach for classifying sentences of a document into five phases of the cyber kill chain, which are broad categories for all the phases of a cyberattack. Similarly, [14] combines dependency parser and heuristics to extract threat actions from a document and map them to kill chain phases.…”

Section: Related Workmentioning

confidence: 99%

Cyber Threat Intelligence for SOC Analysts

Rastogi,

Alam

2023

Proceedings 2023 Workshop on Security Operation Center Operations and Construction

View full text Add to dashboard Cite

knowledge-driven threat intelligence models that incorporate domain knowledge and relevant contextual information. This work will also result in faster attack detection and mitigation and better allocation of defensive resources. Toward these goals, this project is exploring the following two research directions:1) Enable the inclusion of domain security knowledge catering to different context vs. data relevance needs. A key challenge is to combine external abstract threat knowledge with internal, domain-specific knowledge. 2) Enable robust adaptation of time and trust varying, dynamically changing cyber threat knowledge in domainspecific information sources. A key challenge is to extract meaningful information with confidence. 3) Overcome the lack of evaluation mechanisms for context. A key challenge is combining ML's precision and accuracy to the ranked inferences of knowledge graphs applicable to given organizational policies and trustworthiness. This paper discusses ongoing research capturing the first goal and leaves the other two for future work.

show abstract

Section: Related Workmentioning

confidence: 99%