Title | Using Entropy and Mutual Information to Extract Threat Actions from Cyber Threat Intelligence |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Husari, G., Niu, X., Chu, B., Al-Shaer, E. |
Conference Name | 2018 IEEE International Conference on Intelligence and Security Informatics (ISI) |
Date Published | nov |
Keywords | ActionMiner, advance threat notice, Automated Response Actions, composability, Cyber Attacks, cyber threat intelligence, cyber threat intelligence sharing, cybersecurity, cybersecurity texts, data mining, decision making, enabling timely response, Entropy, extract threat actions, Information theory, low-level cyber threat actions, Malware behavior analysis, Mutual information, natural language processing, NLP, NLP techniques, pubcrawl, publicly available CTI sources, rapid growth, Resiliency, security of data, Stanford typed dependency parser, text mining, timely defense decision making, Trojan horses |
Abstract | With the rapid growth of cyber attacks, cyber threat intelligence (CTI) sharing has become essential for providing advance threat notice and enabling a timely response to cyber attacks. Our goal in this paper is to develop an approach that extracts low-level cyber threat actions from publicly available CTI sources in an automated manner, enabling timely defense decision making. Specifically, we apply the metrics of entropy and mutual information from Information Theory to analyze text in the cybersecurity domain. Combined with some basic NLP techniques, our framework, called ActionMiner, achieves higher precision and recall than the state-of-the-art Stanford typed dependency parser, which usually works well on general English but not on cybersecurity texts. |
DOI | 10.1109/ISI.2018.8587343 |
Citation Key | husari_using_2018 |