Building Cybersecurity Ontology for Understanding and Reasoning Adversary Tactics and Techniques
Journal
Proceedings - 2022 IEEE International Conference on Big Data, Big Data 2022
Pages
4266 - 4274
ISBN
9781665480451
Date Issued
2022-12-17
Abstract
Cyber threats have become more prevalent than ever. Cyber Threat Intelligence (CTI) reports and the MITRE ATT&CK® framework play an imperative role in helping experts and organizations assess current and potential attacks, such as Advanced Persistent Threats (APT). However, the task of extracting valuable information from unstructured texts remains an ongoing challenge. In this work, we present a framework for understanding and reasoning about adversary tactics and techniques. We construct an ontology structure and propose an automatic information extraction method that is capable of integrating the parsed information from CTI reports into each instance. The ontology is represented in the Web Ontology Language (OWL) and is accessible with the SPARQL query language. Our evaluation shows that the proposed information extraction method outperforms other state-of-the-art neural network-based methods in terms of precision. Furthermore, our framework can effectively infer adversary information, which efficiently supports security analysts in recognizing tactics and techniques.
Event(s)
2022 IEEE International Conference on Big Data, 17-20 December 2022
Subjects
Cybersecurity | MITRE ATT&CK | Natural Language Processing | Ontology | OSINT
Publisher
Institute of Electrical and Electronics Engineers Inc.
Description
Conference Location: Osaka, Japan
Type
conference paper
