
Knowledge Mining in Cybersecurity: From Attack to Defense

  • Conference paper
  • Data and Applications Security and Privacy XXXVI (DBSec 2022)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13383)

Abstract

In the fast-evolving world of cybersecurity, an analyst often has the difficult task of responding to new threats and attack campaigns within a limited amount of time. Failing to do so can have severe consequences for the system under attack. In this work, we aim to aid the security analyst by introducing a tool that helps produce a swift and effective response to incoming threats. Once an analyst has identified the nature of an incoming attack, our system produces a ranked list of candidate countermeasures for the analyst to try, saving both effort and time. Currently, the security analyst is typically left to derive a solution manually by consulting existing frameworks and knowledge bases, such as the ATT&CK and D3FEND frameworks by the MITRE Corporation. To address this, our tool leverages state-of-the-art machine learning frameworks to provide a comprehensive solution for security analysts. It uses natural language processing techniques, including a large language model (RoBERTa), to derive meaningful semantic associations between descriptions of offensive techniques and defensive countermeasures. Experimental results confirm that the proposed method provides useful suggestions to the security analyst with good accuracy, especially in comparison to baseline approaches, which lack the semantic and contextual understanding needed to make such associations.
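The abstract describes a retrieval pipeline: embed the description of an offensive technique and the descriptions of candidate countermeasures, score each pair by similarity, and return the countermeasures ranked. The following is an added example written for this page, not code from the paper or from MITRE; it implements that pipeline with a pure-Python TF-IDF embedder (the kind of lexical baseline the abstract compares against) so it runs offline, and it deliberately includes a countermeasure that is semantically relevant but shares no vocabulary with the attack, to show the failure mode the abstract attributes to such baselines. The attack and defense texts are constructed paraphrases, not ATT&CK or D3FEND entries, and the names `tfidf_embed`, `rank_defenses` and `demo` are this example's own. Replacing the `embed` argument with a transformer encoder (for instance mean-pooled RoBERTa hidden states from the Hugging Face `transformers` library) is the direction the paper takes; that step is left out here because it requires model weights.

```python
import math
import re
from collections import Counter
from typing import Callable, Dict, List, Sequence, Tuple

# A vector is a sparse map from feature name to weight; a dense encoder could
# return dicts keyed by dimension index and reuse the same cosine function.
Vector = Dict[str, float]
Embedder = Callable[[Sequence[str]], List[Vector]]

# Constructed sample descriptions (hypothetical paraphrases, NOT the wording of
# any MITRE ATT&CK technique or D3FEND countermeasure).
ATTACK_DESC = (
    "Adversaries dump credentials from operating system memory to obtain "
    "account passwords and hashes for lateral movement."
)
DEFENSE_DESCS: Dict[str, str] = {
    "credential-hardening": (
        "Harden credential storage so that passwords and hashes in memory "
        "cannot be dumped by adversaries."
    ),
    "network-isolation": "Isolate network segments to limit lateral movement between hosts.",
    "file-analysis": "Scan executable file contents with malicious pattern signatures.",
    # Relevant to the attack, but shares no content word with it: a lexical
    # baseline scores it zero, which is exactly the gap a semantic model closes.
    "lsass-protection": "Protect the security subsystem process against unauthorized read access.",
}

STOPWORDS = {"the", "and", "to", "from", "for", "of", "a", "an", "in", "by",
             "so", "that", "with", "be", "cannot", "is", "are"}


def tokenize(text: str) -> List[str]:
    """Lower-case word tokens with a small stop-word list removed (no stemming)."""
    return [t for t in re.findall(r"[a-z0-9]+", text.lower()) if t not in STOPWORDS]


def tfidf_embed(docs: Sequence[str]) -> List[Vector]:
    """Sparse TF-IDF vectors; idf is smoothed the way scikit-learn does it."""
    tokenised = [tokenize(d) for d in docs]
    n = len(docs)
    df: Counter = Counter()
    for toks in tokenised:
        df.update(set(toks))
    idf = {t: math.log((1 + n) / (1 + c)) + 1.0 for t, c in df.items()}
    vectors: List[Vector] = []
    for toks in tokenised:
        counts = Counter(toks)
        total = len(toks) or 1
        vectors.append({t: (c / total) * idf[t] for t, c in counts.items()})
    return vectors


def cosine(a: Vector, b: Vector) -> float:
    """Cosine similarity over sparse vectors; 0.0 when either side is empty."""
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def rank_defenses(attack: str, defenses: Dict[str, str],
                  embed: Embedder = tfidf_embed) -> List[Tuple[str, float]]:
    """Embed the attack together with every defense and return defenses ranked
    by similarity to the attack (ties broken by name for determinism)."""
    names = list(defenses)
    vecs = embed([attack] + [defenses[n] for n in names])
    scored = [(n, cosine(vecs[0], v)) for n, v in zip(names, vecs[1:])]
    return sorted(scored, key=lambda p: (-p[1], p[0]))


def demo() -> List[Tuple[str, float]]:
    """Rank the constructed defenses against the constructed attack."""
    return rank_defenses(ATTACK_DESC, DEFENSE_DESCS)


if __name__ == "__main__":
    for name, score in demo():
        print(f"{score:.3f}  {name}")
```

Running it lists `credential-hardening` first (four shared content words) and `network-isolation` second (two), while `lsass-protection` scores exactly 0.0 despite being a sensible response to credential dumping; note also that `credential`/`credentials` and `dump`/`dumped` do not match because there is no stemming. Both effects are why the abstract argues for contextual embeddings over lexical matching.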



Acknowledgement

The research reported herein was supported in part by NSF awards DMS-1737978, DGE-2039542, OAC-1828467, OAC-1931541, and DGE-1906630, ONR awards N00014-17-1-2995 and N00014-20-1-2738, Army Research Office Contract No. W911NF2110032, DARPA FA8750-19-C-0006, and IBM faculty award (Research).

Author information


Corresponding author

Correspondence to Khandakar Ashrafi Akbar.

Copyright information

© 2022 IFIP International Federation for Information Processing

About this paper

Cite this paper

Akbar, K.A., Halim, S.M., Hu, Y., Singhal, A., Khan, L., Thuraisingham, B. (2022). Knowledge Mining in Cybersecurity: From Attack to Defense. In: Sural, S., Lu, H. (eds) Data and Applications Security and Privacy XXXVI. DBSec 2022. Lecture Notes in Computer Science, vol 13383. Springer, Cham. https://doi.org/10.1007/978-3-031-10684-2_7

  • DOI: https://doi.org/10.1007/978-3-031-10684-2_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10683-5

  • Online ISBN: 978-3-031-10684-2

  • eBook Packages: Computer Science (R0)
