Automatic Tagging of Cyber Threat Intelligence Unstructured Data using Semantics Extraction

Title: Automatic Tagging of Cyber Threat Intelligence Unstructured Data using Semantics Extraction
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Wang, Tianyi, Chow, Kam Pui
Conference Name: 2019 IEEE International Conference on Intelligence and Security Informatics (ISI)
Date Published: jul
Keywords: artificial intelligence security, automatic tagging, CVE entities, cyber security, cyber security professionals, cyber security territory, cyber threat intelligence article, cyber threat intelligence unstructured data, data structures, GATE framework, information retrieval, JAPE feature, latest threat intelligence, latest useful threat intelligence, ontologies (artificial intelligence), Ontology, pubcrawl, security of data, semantics extraction, structured data, threat intelligence, unstructured cyber threat intelligence data, unstructured data
Abstract: Threat intelligence, information about potential or current attacks to an organization, is an important component in cyber security territory. As new threats consecutively occurring, cyber security professionals always keep an eye on the latest threat intelligence in order to continuously lower the security risks for their organizations. Cyber threat intelligence is usually conveyed by structured data like CVE entities and unstructured data like articles and reports. Structured data are always under certain patterns that can be easily analyzed, while unstructured data have more difficulties to find fixed patterns to analyze. There exists plenty of methods and algorithms on information extraction from structured data, but no current work is complete or suitable for semantics extraction upon unstructured cyber threat intelligence data. In this paper, we introduce an idea of automatic tagging applying JAPE feature within GATE framework to perform semantics extraction upon cyber threat intelligence unstructured data such as articles and reports. We extract token entities from each cyber threat intelligence article or report and evaluate the usefulness of them. A threat intelligence ontology then can be constructed with the useful entities extracted from related resources and provide convenience for professionals to find latest useful threat intelligence they need.
DOI: 10.1109/ISI.2019.8823252
Citation Key: wang_automatic_2019