Study of Natural Language Processing for Collecting Cyber Threat Intelligence Using SyntaxNet
- Authors
- Kim, N.; Kim, M.; Lee, S.; Cho, H.; Kim, B.-I.; Park, J.-H.; Jun, M.S.
- Issue Date
- May-2019
- Publisher
- Springer Verlag
- Keywords
- Cyber threat intelligence; Cyberattack natural language processing; SyntaxNet
- Citation
- Lecture Notes in Electrical Engineering, v.565, pp.10 - 18
- Journal Title
- Lecture Notes in Electrical Engineering
- Volume
- 565
- Start Page
- 10
- End Page
- 18
- URI
- http://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/34799
- DOI
- 10.1007/978-3-030-20717-5_2
- ISSN
- 1876-1100
- Abstract
- The importance of cyberattack analysis has increased for responding quickly and effectively to cyber threats, which are becoming more intelligent. Analyzing cyberattacks requires examining the resources (malicious code, IP, domain, vulnerability, etc.) used in the cyberattack, similarity between the resources, attack technique, attack target, and activity time. It is also necessary to collect the data to be used in the analysis of a cyberattack. The formatted data shared through a specific format can be collected according to that format. However, it is difficult to collect the data when the cyberattack analyst generates the analysis result as unformatted data in the form of a report. As a way to solve this problem, this paper proposes the technique of using natural language processing technology to collect the Indicator of Compromise (IoC) in the form of a report. We have outlined the technologies and designed the processing procedure needed to extract resource data (IoC) abused in cyberattacks and the attack techniques (TTPs) included in the report based on the natural language processing model (SyntaxNet) disclosed as open source by Google. Extracting 345,364 token data based on 190 malware (and cyberattack) analysis reports and testing them by dividing them into learning and test data in the ratio of about 9:1 resulted in extraction of IoC data at an average f1-score of 76%. © 2019, Springer Nature Switzerland AG.
- Appears in Collections
- College of Information Technology > School of Computer Science and Engineering > 1. Journal Articles