Skip to main content
SpringerLink
Log in

Threat Action Extraction Based on Coreference Resolution

  • Conference paper
  • First Online:
Database Systems for Advanced Applications. DASFAA 2023 International Workshops (DASFAA 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13922))

Included in the following conference series:

  • 262 Accesses

Abstract

The knowledge of attacks contained in Cyber Threat Intelligence (CTI) reports is very important to effectively identify and quickly respond to cyber threats. However, CTI reports are usually described in natural language, and the existence of the phenomenon of coreference affects threat action extraction, which leads to the absence of some threat actions. In order to further investigate this phenomenon, in this paper the original CTI text is fed into the threat action extraction model after coreference resolution. The experimental results show that reference resolution can effectively improve the performance of models that use NLP technology, especially those that rely on POS tagging technology.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Hutchins, E., Cloppert, M., Amin, R.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research 1 (2011)

    Google Scholar 

  2. Zhang, H., Shen, G., Guo, C., Cui, Y., Jiang, C.: EX-Action: automatically extracting threat actions from cyber threat intelligence report based on multimodal learning. Secur. Commun. Networks 2021, 1–12 (2021). https://doi.org/10.1155/2021/5586335

  3. Marneffe, M.C., Manning, C.: The stanford typed dependencies representation. COLING Workshop on Cross-framework and Cross-domain Parser Evaluation (01 2008). https://doi.org/10.3115/1608858.1608859

  4. Liao, X., Yuan, K., Wang, X., Li, Z., Xing, L., Beyah, R.A.: Acing the IOC game: toward automatic discovery and analysis of open-source cyber threat intelligence. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016, pp. 755–766. ACM (2016). https://doi.org/10.1145/2976749.2978315

  5. Qamar, S., Anwar, Z., Rahman, M.A., Al-Shaer, E., Chu, B.-T.: Data-driven analytics for cyber-threat intelligence and information sharing. Comput. Secur. 67, 35–58 (2017). https://doi.org/10.1016/j.cose.2017.02.005

  6. Xun, S., Li, X., Gao, Y.: AITI: an automatic identification model of threat intelligence based on convolutional neural network. In: Proceedings of the 2020 the 4th International Conference on Innovation in Artificial Intelligence, pp. 20–24. ICIAI 2020, Association for Computing Machinery, New York, NY, USA (2020). https://doi.org/10.1145/3390557.3394305

  7. Shu, X., et al.: Threat intelligence computing. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1883–1898. CCS 2018, Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3243734.3243829

  8. Qin, Y., Shen, G.W., Zhao, W.B., Chen, Y.P., Yu, M., Jin, X.: A network security entity recognition method based on feature template and CNN-BiLSTM-CRF. Front. Inf. Technol. Electr. Eng. 20(6), 872–884 (2019). https://doi.org/10.1631/FITEE.1800520

  9. Jia, Y., Qi, Y., Shang, H., Jiang, R., Li, A.: A practical approach to constructing a knowledge graph for cybersecurity. Engineering 4(1), 53–60 (2018). https://doi.org/10.1016/j.eng.2018.01.004

    Article  Google Scholar 

  10. Du, M., Jiang, J., Jiang, Z., Lu, Z., Du, X.: PRTIRG: a knowledge graph for people-readable threat intelligence recommendation. In: Douligeris, C., Karagiannis, D., Apostolou, D. (eds.) KSEM 2019. LNCS (LNAI), vol. 11775, pp. 47–59. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29551-6_5

    Chapter  Google Scholar 

  11. Husari, G., Al-Shaer, E., Ahmed, M., Chu, B., Niu, X.: TTPDrill: automatic and accurate extraction of threat actions from unstructured text of CTI sources. In: Proceedings of the 33rd Annual Computer Security Applications Conference, pp. 103–115. ACSAC 2017, Association for Computing Machinery, New York, NY, USA (2017). https://doi.org/10.1145/3134600.3134646

  12. Husari, G., Niu, X., Chu, B., Al-Shaer, E.: Using entropy and mutual information to extract threat actions from cyber threat intelligence. In: 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018, Miami, FL, USA, 9–11 November 2018, pp. 1–6. IEEE (2018). https://doi.org/10.1109/ISI.2018.8587343

  13. Clark, K., Manning, C.D.: Improving coreference resolution by learning entity-level distributed representations. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics, ACL 2016, 7–12 August 2016, Berlin, Germany, Volume 1: Long Papers. The Association for Computer Linguistics (2016). https://doi.org/10.18653/v1/p16-1061

  14. Lee, K., He, L., Lewis, M., Zettlemoyer, L.: End-to-end neural coreference resolution. In: Palmer, M., Hwa, R., Riedel, S. (eds.) Proceedings of the 2017 Conference on Empirical Methods in Natural Language Processing, EMNLP 2017, Copenhagen, Denmark, 9–11 September 2017, pp. 188–197. Association for Computational Linguistics (2017). https://doi.org/10.18653/v1/d17-1018

  15. Joshi, M., Levy, O., Zettlemoyer, L., Weld, D.: BERT for coreference resolution: baselines and analysis. In: Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP), pp. 5803–5808. Association for Computational Linguistics, Hong Kong, China (2019). https://doi.org/10.18653/v1/D19-1588

  16. Kirstain, Y., Ram, O., Levy, O.: Coreference resolution without span representations. CoRR abs/2101.00434 (2021). arXiv: 2101.00434

  17. Dobrovolskii, V.: Word-level coreference resolution. In: Moens, M., Huang, X., Specia, L., Yih, S.W. (eds.) Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing, EMNLP 2021, Virtual Event / Punta Cana, Dominican Republic, 7–11 November 2021, pp. 7670–7675. Association for Computational Linguistics (2021). https://doi.org/10.18653/v1/2021.emnlp-main.605

  18. Satvat, K., Gjomemo, R., Venkatakrishnan, V.N.: EXTRACTOR: extracting attack behavior from threat reports. CoRR abs/2104.08618 (2021). arxiv.org/abs/2104.08618

Download references

Acknowledgement

This work is supported by CNOOC Energy Technology & Services Limited Major Special Project Sub-topic: Key Technology Research on Safety Risk Identification and Early Warning for On-site Production Operations.

Author information

Authors and Affiliations

  1. CNOOC EnerTech-Safety and Environmental Protection Co., Tianjin, 300452, China

    Dengtian Mao, Ruike Zhao, Rui He, Pengyi He, Fanghui Ning & Lingqi Zeng

Authors
  1. Dengtian Mao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ruike Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Rui He
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Pengyi He
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Fanghui Ning
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Lingqi Zeng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dengtian Mao .

Editor information

Editors and Affiliations

  1. University of California, Santa Barbara, Santa Barbara, CA, USA

    Amr El Abbadi

  2. University of Auckland, Auckland, New Zealand

    Gillian Dobbie

  3. Tianjin University, Tianjin, China

    Zhiyong Feng

  4. Zhejiang University, Hangzhou, China

    Lu Chen

  5. The University of Southern Queensland, Queensland, Australia

    Xiaohui Tao

  6. Beijing University of Posts and Telecommunications, Beijing, China

    Yingxia Shao

  7. The University of Queensland, Brisbane, QLD, Australia

    Hongzhi Yin

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Mao, D., Zhao, R., He, R., He, P., Ning, F., Zeng, L. (2023). Threat Action Extraction Based on Coreference Resolution. In: El Abbadi, A., et al. Database Systems for Advanced Applications. DASFAA 2023 International Workshops. DASFAA 2023. Lecture Notes in Computer Science, vol 13922. Springer, Cham. https://doi.org/10.1007/978-3-031-35415-1_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-35415-1_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35414-4

  • Online ISBN: 978-3-031-35415-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation