Published: July 13, 2022
Author(s)
Khandakar Akbar (University of Texas at Dallas), Sadaf Md Halim (University of Texas at Dallas), Yibo Hu (University of Texas at Dallas), Anoop Singhal (NIST), Latifur Khan (University of Texas at Dallas), Bhavani Thuraisingham (University of Texas at Dallas)
Conference
Name: IFIP Annual Conference on Data and Applications Security and Privacy
Dates: 07/18/2022 - 07/20/2022
Location: Newark, NJ
Citation: DBSec 2022: Data and Applications Security and Privacy XXXVI, vol. 13383, pp. 110-122
In the fast-evolving world of Cybersecurity, an analyst often has the difficult task of responding to new threats and attack campaigns within a limited amount of time. If an analyst fails to do so, this can lead to severe consequences for the system under attack. In this work, we are motivated to aid the security analyst by introducing a tool which will help to produce a swift and effective response to incoming threats. If an analyst identifies the nature of an incoming attack, our system can produce a ranked list of solutions for the analyst to quickly try out, saving both effort and time. Currently, the security analyst is typically left to manually produce a solution by consulting existing frameworks and knowledge bases, such as the ATT&CK and D3FEND frameworks by the MITRE Corporation. To solve these challenges, our tool leverages state-of-the-art machine learning frameworks to provide a comprehensive solution for security analysts. Our tool uses advanced natural language processing techniques, including a large language model (RoBERTa), to derive meaningful semantic associations between descriptions of offensive techniques and defensive countermeasures. Experimental results confirm that our proposed method can provide useful suggestions to the security analyst with good accuracy, especially in comparison to baseline approaches which fail to exhibit the semantic and contextual understanding necessary to make such associations.
In the fast-evolving world of Cybersecurity, an analyst often has the difficult task of responding to new threats and attack campaigns within a limited amount of time. If an analyst fails to do so, this can lead to severe consequences for the system under attack. In this work, we are motivated to...
See full abstract
In the fast-evolving world of Cybersecurity, an analyst often has the difficult task of responding to new threats and attack campaigns within a limited amount of time. If an analyst fails to do so, this can lead to severe consequences for the system under attack. In this work, we are motivated to aid the security analyst by introducing a tool which will help to produce a swift and effective response to incoming threats. If an analyst identifies the nature of an incoming attack, our system can produce a ranked list of solutions for the analyst to quickly try out, saving both effort and time. Currently, the security analyst is typically left to manually produce a solution by consulting existing frameworks and knowledge bases, such as the ATT&CK and D3FEND frameworks by the MITRE Corporation. To solve these challenges, our tool leverages state-of-the-art machine learning frameworks to provide a comprehensive solution for security analysts. Our tool uses advanced natural language processing techniques, including a large language model (RoBERTa), to derive meaningful semantic associations between descriptions of offensive techniques and defensive countermeasures. Experimental results confirm that our proposed method can provide useful suggestions to the security analyst with good accuracy, especially in comparison to baseline approaches which fail to exhibit the semantic and contextual understanding necessary to make such associations.
Hide full abstract
Keywords
cyber threat intelligence; natural language processing; semantic association
Control Families
None selected
