Automatic Tagging of Cyber Threat Intelligence Unstructured Data using Semantics Extraction

Submitted by grigby1 on Thu, 08/13/2020 - 5:07pm

Title	Automatic Tagging of Cyber Threat Intelligence Unstructured Data using Semantics Extraction
Publication Type	Conference Paper
Year of Publication	2019
Authors	Wang, Tianyi, Chow, Kam Pui
Conference Name	2019 IEEE International Conference on Intelligence and Security Informatics (ISI)
Date Published	jul
Keywords	artificial intelligence security, automatic tagging, CVE entities, cyber security, cyber security professionals, cyber security territory, cyber threat intelligence article, cyber threat intelligence unstructured data, data structures, GATE framework, information retrieval, JAPE feature, latest threat intelligence, latest useful threat intelligence, ontologies (artificial intelligence), Ontology, pubcrawl, security of data, semantics extraction, structured data, threat intelligence, unstructured cyber threat intelligence data, unstructured data
Abstract	Threat intelligence, information about potential or current attacks to an organization, is an important component in cyber security territory. As new threats consecutively occurring, cyber security professionals always keep an eye on the latest threat intelligence in order to continuously lower the security risks for their organizations. Cyber threat intelligence is usually conveyed by structured data like CVE entities and unstructured data like articles and reports. Structured data are always under certain patterns that can be easily analyzed, while unstructured data have more difficulties to find fixed patterns to analyze. There exists plenty of methods and algorithms on information extraction from structured data, but no current work is complete or suitable for semantics extraction upon unstructured cyber threat intelligence data. In this paper, we introduce an idea of automatic tagging applying JAPE feature within GATE framework to perform semantics extraction upon cyber threat intelligence unstructured data such as articles and reports. We extract token entities from each cyber threat intelligence article or report and evaluate the usefulness of them. A threat intelligence ontology then can be constructed with the useful entities extracted from related resources and provide convenience for professionals to find latest useful threat intelligence they need.
DOI	10.1109/ISI.2019.8823252
Citation Key	wang_automatic_2019

Groups:

Science of Security VO