
AspIOC: Aspect-Enhanced Deep Neural Network for Actionable Indicator of Compromise Recognition

  • Conference paper
Information Security (ISC 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13640)


Abstract

A crucial component of unstructured threat information is the Indicator of Compromise (IOC), which includes malicious IP addresses and domain names. Because non-malicious IP addresses and domain names exist in the threat intelligence texts, the extracted IOCs are often blended with benign entities. Therefore, the current IOC extraction methods are limited in accuracy when determining whether an entity is malicious. In this paper, the problem of IOC recognition is defined as the issue of aspect-level text polarity classification and an aspect-enhanced deep network model for IOC recognition (AspIOC) is presented. While proposing a pre-training model, the network combines IOC contextual characteristics with IOC character features. We collect about 100,000 samples and construct a dataset using an open-source web platform. The experimental results demonstrate that the accuracy and F1 of the proposed IOC discovery method are 99.92%. Our model is better than the most advanced methods currently in use and satisfies industry standards for IOC recognition.





Correspondence to Bo Lang.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Wang, S., Lang, B., Xiao, N., Chen, Y. (2022). AspIOC: Aspect-Enhanced Deep Neural Network for Actionable Indicator of Compromise Recognition. In: Susilo, W., Chen, X., Guo, F., Zhang, Y., Intan, R. (eds) Information Security. ISC 2022. Lecture Notes in Computer Science, vol 13640. Springer, Cham. https://doi.org/10.1007/978-3-031-22390-7_24


  • DOI: https://doi.org/10.1007/978-3-031-22390-7_24


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22389-1

  • Online ISBN: 978-3-031-22390-7

  • eBook Packages: Computer Science, Computer Science (R0)
