Abstract
The knowledge of attacks contained in Cyber Threat Intelligence (CTI) reports is very important to effectively identify and quickly respond to cyber threats. However, CTI reports are usually described in natural language, and the existence of the phenomenon of coreference affects threat action extraction, which leads to the absence of some threat actions. In order to further investigate this phenomenon, in this paper the original CTI text is fed into the threat action extraction model after coreference resolution. The experimental results show that reference resolution can effectively improve the performance of models that use NLP technology, especially those that rely on POS tagging technology.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Hutchins, E., Cloppert, M., Amin, R.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research 1 (2011)
Zhang, H., Shen, G., Guo, C., Cui, Y., Jiang, C.: EX-Action: automatically extracting threat actions from cyber threat intelligence report based on multimodal learning. Secur. Commun. Networks 2021, 1–12 (2021). https://doi.org/10.1155/2021/5586335
Marneffe, M.C., Manning, C.: The stanford typed dependencies representation. COLING Workshop on Cross-framework and Cross-domain Parser Evaluation (01 2008). https://doi.org/10.3115/1608858.1608859
Liao, X., Yuan, K., Wang, X., Li, Z., Xing, L., Beyah, R.A.: Acing the IOC game: toward automatic discovery and analysis of open-source cyber threat intelligence. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016, pp. 755–766. ACM (2016). https://doi.org/10.1145/2976749.2978315
Qamar, S., Anwar, Z., Rahman, M.A., Al-Shaer, E., Chu, B.-T.: Data-driven analytics for cyber-threat intelligence and information sharing. Comput. Secur. 67, 35–58 (2017). https://doi.org/10.1016/j.cose.2017.02.005
Xun, S., Li, X., Gao, Y.: AITI: an automatic identification model of threat intelligence based on convolutional neural network. In: Proceedings of the 2020 the 4th International Conference on Innovation in Artificial Intelligence, pp. 20–24. ICIAI 2020, Association for Computing Machinery, New York, NY, USA (2020). https://doi.org/10.1145/3390557.3394305
Shu, X., et al.: Threat intelligence computing. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1883–1898. CCS 2018, Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3243734.3243829
Qin, Y., Shen, G.W., Zhao, W.B., Chen, Y.P., Yu, M., Jin, X.: A network security entity recognition method based on feature template and CNN-BiLSTM-CRF. Front. Inf. Technol. Electr. Eng. 20(6), 872–884 (2019). https://doi.org/10.1631/FITEE.1800520
Jia, Y., Qi, Y., Shang, H., Jiang, R., Li, A.: A practical approach to constructing a knowledge graph for cybersecurity. Engineering 4(1), 53–60 (2018). https://doi.org/10.1016/j.eng.2018.01.004
Du, M., Jiang, J., Jiang, Z., Lu, Z., Du, X.: PRTIRG: a knowledge graph for people-readable threat intelligence recommendation. In: Douligeris, C., Karagiannis, D., Apostolou, D. (eds.) KSEM 2019. LNCS (LNAI), vol. 11775, pp. 47–59. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29551-6_5
Husari, G., Al-Shaer, E., Ahmed, M., Chu, B., Niu, X.: TTPDrill: automatic and accurate extraction of threat actions from unstructured text of CTI sources. In: Proceedings of the 33rd Annual Computer Security Applications Conference, pp. 103–115. ACSAC 2017, Association for Computing Machinery, New York, NY, USA (2017). https://doi.org/10.1145/3134600.3134646
Husari, G., Niu, X., Chu, B., Al-Shaer, E.: Using entropy and mutual information to extract threat actions from cyber threat intelligence. In: 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018, Miami, FL, USA, 9–11 November 2018, pp. 1–6. IEEE (2018). https://doi.org/10.1109/ISI.2018.8587343
Clark, K., Manning, C.D.: Improving coreference resolution by learning entity-level distributed representations. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics, ACL 2016, 7–12 August 2016, Berlin, Germany, Volume 1: Long Papers. The Association for Computer Linguistics (2016). https://doi.org/10.18653/v1/p16-1061
Lee, K., He, L., Lewis, M., Zettlemoyer, L.: End-to-end neural coreference resolution. In: Palmer, M., Hwa, R., Riedel, S. (eds.) Proceedings of the 2017 Conference on Empirical Methods in Natural Language Processing, EMNLP 2017, Copenhagen, Denmark, 9–11 September 2017, pp. 188–197. Association for Computational Linguistics (2017). https://doi.org/10.18653/v1/d17-1018
Joshi, M., Levy, O., Zettlemoyer, L., Weld, D.: BERT for coreference resolution: baselines and analysis. In: Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP), pp. 5803–5808. Association for Computational Linguistics, Hong Kong, China (2019). https://doi.org/10.18653/v1/D19-1588
Kirstain, Y., Ram, O., Levy, O.: Coreference resolution without span representations. CoRR abs/2101.00434 (2021). arXiv: 2101.00434
Dobrovolskii, V.: Word-level coreference resolution. In: Moens, M., Huang, X., Specia, L., Yih, S.W. (eds.) Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing, EMNLP 2021, Virtual Event / Punta Cana, Dominican Republic, 7–11 November 2021, pp. 7670–7675. Association for Computational Linguistics (2021). https://doi.org/10.18653/v1/2021.emnlp-main.605
Satvat, K., Gjomemo, R., Venkatakrishnan, V.N.: EXTRACTOR: extracting attack behavior from threat reports. CoRR abs/2104.08618 (2021). arxiv.org/abs/2104.08618
Acknowledgement
This work is supported by CNOOC Energy Technology & Services Limited Major Special Project Sub-topic: Key Technology Research on Safety Risk Identification and Early Warning for On-site Production Operations.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Mao, D., Zhao, R., He, R., He, P., Ning, F., Zeng, L. (2023). Threat Action Extraction Based on Coreference Resolution. In: El Abbadi, A., et al. Database Systems for Advanced Applications. DASFAA 2023 International Workshops. DASFAA 2023. Lecture Notes in Computer Science, vol 13922. Springer, Cham. https://doi.org/10.1007/978-3-031-35415-1_15
Download citation
DOI: https://doi.org/10.1007/978-3-031-35415-1_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35414-4
Online ISBN: 978-3-031-35415-1
eBook Packages: Computer ScienceComputer Science (R0)