Abstract
In an increasingly complex cyber environment, where the role of traditional protection tools is increasingly limited, intelligence is the key point in the battle. Through the information monitoring of Internet social platforms, potential cyberattack threats to enterprises, governments, and other institutions could be analyzed. Twitter, the world’s largest social media platform, spreads news and shares tweets about cybersecurity-related events and technologies daily, with cross-site scripting attacks being one of them. In the status quo, this paper proposes a cross-site scripting threat intelligence detection model based on deep learning, which can detect tweets involving threats related to cross-site scripting attacks. We utilized a variety of word vector extraction tools blended with topic word extraction techniques to construct a word vector matrix with multi-dimensional features. Then, the threat event detection model is trained using a bidirectional recurrent convolutional neural network with a self-attentive mechanism. In the experiment, the accuracy rate of our proposed model exceeds 0.96, and through multiple sets of control experimental data results, it is proved that the structure designed in the model is conducive to improving the performance of the model and that the model is effective in detecting tweets that involve cross-site scripting threats.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Marsh, M,. et al.: The Global Risks Report 2021, 21 December 2021. https://www.oliverwyman.com/content/dam/mmc-web/insights/publications/2021/january/global-risks-report/The-Global-Risks-Report-2021-small-FINAL.pdf
Noor, U., Anwar, Z., Amjad, T., Choo, K.K.R.: A machine learning-based FinTech cyber threat attribution framework using high-level indicators of compromise. Future Gener. Comput. Syst. 96, 227–242 (2019)
Yagcioglu, S., et al.: Detecting Cybersecurity Events from Noisy Short Text. arXiv (2019). arXiv:1904.05054
Internet Security Center. 2020 Global Advanced Persistent Threat APT Research Report, February 2021. https://zt.360.cn/1101061855.php?dtid=1101062360 &did=211138962
OWASP, OWASP Top 10–2021. https://owasp.org/Top10/. 2021-12-21
Ruder, S.: An overview of multi-task learning in deep neural networks. arXiv (2017). arXiv:1706.05098
Willett, P.K., Kirubarajan, T.: System diagnosis and prognosis: security and condition monitoring issues III. In: System Diagnosis and Prognosis: Security and Condition Monitoring Issues, vol. III, p. 5107 (2003)
Qiu, X., Lin, X., Qiu, L.: Feature representation models for cyber attack event extraction. In: 2016 IEEE/WIC/ACM International Conference on Web Intelligence Workshops (WIW), pp. 29–32. IEEE (2016)
Khandpur, R.P., Ji, T., Jan, S., et al.: Crowdsourcing cybersecurity: cyber attack detection using social media. In: Proceedings of the 2017 ACM on Conference on Information and Knowledge Management, pp. 1049–1057 (2017)
Le Sceller, Q., Karbab, E.M.B., Debbabi, M., et al.: Sonar: automatic detection of cyber security events over the twitter stream. In: Proceedings of the 12th International Conference on Availability, Reliability and Security, pp. 1–11 (2017)
Bose, A., Behzadan, V., Aguirre, C., et al.: A novel approach for detection and ranking of trendy and emerging cyber threat events in twitter streams. In: 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), pp. 871–878. IEEE (2019)
Ji, T., Zhang, X., Self, N., et al.: Feature driven learning framework for cybersecurity event detection. In: Proceedings of the 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, pp. 196–203 (2019)
Trong, H.M.D., Le, D.T., Veyseh, A.P.B., et al.: Introducing a new dataset for event detection in cybersecurity texts. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing (EMNLP), pp. 5381–5390 2020)
Shin H, Shim W C, Moon J, et al. Cybersecurity Event Detection with New and Re-emerging Words. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 665–678 (2020)
Simran, K., Balakrishna, P., Vinayakumar, R., Soman, K.P.: Deep learning approach for enhanced cyber threat indicators in twitter stream. In: Thampi, S.M., Martinez Perez, G., Ko, R., Rawat, D.B. (eds.) SSCC 2019. CCIS, vol. 1208, pp. 135–145. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-4825-3_11
Cassel, M., Lima, F.: Evaluating one-hot encoding finite state machines for SEU reliability in SRAM-based FPGAs. In: 12th IEEE International On-Line Testing Symposium (IOLTS 2006). IEEE (2006). 6 pp
Mikolov, T., Sutskever, I., Chen, K., Corrado, G., Dean, J.: Distributed representations of words and phrases and their compositionality. Adv. Neural. Inf. Process. Syst. 26, 3111–3119 (2013)
Pennington, J., Socher, R., Manning, C.D.: Glove: global vectors for word representation. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP), pp. 1532–1543 (2014)
Joulin, A., Grave, E., Bojanowski, P., et al.: Bag of tricks for efficient text classification. In: Proceedings of the 15th Conference of the European Chapter of the Association for Computational Linguistics: Volume 2, Short Papers, vol. 2, pp. 427–431
Sun, F., Chen, H.: Feature extension for Chinese short text classification based on LDA and word2vec. In: 2018 13th IEEE Conference on Industrial Electronics and Applications (ICIEA), pp. 1189–1194. IEEE 2018
Sutskever, I., Vinyals, O., Le Quoc, V.: Sequence to sequence learning with neural networks. In: Proceedings of the 28th Annual Conference on Neural Information Processing Systems-NIPS, Montreal, QC, Canada, 8–13 December 2014, pp. 3104–3112 (2014)
Graves, A., Schmidhuber, J.: Framewise phoneme classification with bidirectional LSTM and other neural network architectures. Neural Netw. 18(5–6), 602–610 (2005)
Li, X., Zhang, W., Ding, Q.: Understanding and improving deep learning-based rolling bearing fault diagnosis with attention mechanism. Signal Process. 161, 136–154 (2019)
Zhao, H., Jia, J., Koltun, V.: Exploring self-attention for image recognition. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 10076–10085 (2020)
Yin, X., Zhao, H., Zhao, J.B.: Military named entity recognition based on multi-neural network cooperation. Tsinghua Univ. J. (Nat. Sci. Ed.) 60(8), 648–655 (2020)
Acknowledgements
This work was supported in part by National Natural Science Foundation of China (U20B2045).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Liu, Z., Fang, Y., Xu, Y. (2022). Cross-site Scripting Threat Intelligence Detection Based on Deep Learning. In: Ahene, E., Li, F. (eds) Frontiers in Cyber Security. FCS 2022. Communications in Computer and Information Science, vol 1726. Springer, Singapore. https://doi.org/10.1007/978-981-19-8445-7_6
Download citation
DOI: https://doi.org/10.1007/978-981-19-8445-7_6
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-8444-0
Online ISBN: 978-981-19-8445-7
eBook Packages: Computer ScienceComputer Science (R0)