Knowledge Mining in Cybersecurity: From Attack to Defense

Author(s)

Khandakar Ashrafi Akbar, Sadaf MD Halim, Yibo Hu, Anoop Singhal, Latifur Khan, Bhavani Thuraisingham

Abstract

In the fast-evolving world of cybersecurity, an analyst often has the difficult task of responding to new threats and attack campaigns within a limited amount of time. Failing to do so can lead to severe consequences for the system under attack. In this work, we aim to aid the security analyst by introducing a tool that helps produce a swift and effective response to incoming threats. Once an analyst identifies the nature of an incoming attack, our system produces a ranked list of candidate solutions for the analyst to try, saving both effort and time. Currently, the security analyst is typically left to produce a solution manually by consulting existing frameworks and knowledge bases, such as the ATT&CK and D3FEND frameworks by the MITRE Corporation. This task is made harder by the fact that existing knowledge bases are not always comprehensive, so much valuable security knowledge is instead scattered across the web. To address these challenges, our tool leverages existing frameworks as well as data crawled from the web. It uses natural language processing techniques, including a large language model (RoBERTa), to derive meaningful semantic associations between descriptions of offensive techniques and defensive countermeasures. Experimental results confirm that our proposed method provides useful suggestions to the security analyst with good accuracy, especially in comparison to baseline approaches, which lack the semantic and contextual understanding necessary to make such associations.

Proceedings Title
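The attack-to-defense ranking the abstract describes, as an added example that is not the paper's code: the paper derives associations with RoBERTa embeddings, whereas this stand-in embeds each description as a TF-IDF bag of words so it runs offline; the technique and countermeasure texts are constructed here and are not real ATT&CK or D3FEND entries.

```python
# Added example: rank countermeasure descriptions against an attack description.
# TF-IDF cosine similarity stands in for the paper's RoBERTa embeddings so the
# pipeline runs offline; every description below is constructed, not a real entry.
import math
import re
from collections import Counter

# Constructed countermeasure descriptions (D3FEND-style, not real entries).
DEFENSES = {
    "Email attachment analysis": "Detonate and analyse email attachments in a sandbox before delivery to the user mailbox.",
    "Credential hardening": "Protect credentials held in operating system memory so process memory dumps do not expose passwords or hashes.",
    "Authentication rate limiting": "Lock out or throttle accounts after repeated failed login attempts to slow password guessing.",
}

TOKEN_RE = re.compile(r"[a-z]+")

def tokenize(text):
    """Lower-case word tokens; a trailing 's' is stripped as a crude stem."""
    return [w.rstrip("s") if len(w) > 3 else w for w in TOKEN_RE.findall(text.lower())]

class DefenseRanker:
    """Ranks countermeasure descriptions against an attack description."""

    def __init__(self, defenses):
        self.names = list(defenses)
        docs = [defenses[n] for n in self.names]
        n = len(docs)
        df = Counter()
        for d in docs:
            df.update(set(tokenize(d)))
        # Smoothed inverse document frequency; words unseen in the corpus get the maximum.
        self.idf = {w: math.log((1 + n) / (1 + c)) + 1 for w, c in df.items()}
        self.default_idf = math.log(1 + n) + 1
        self.vectors = [self.vectorize(d) for d in docs]

    def vectorize(self, text):
        tf = Counter(tokenize(text))
        return {w: c * self.idf.get(w, self.default_idf) for w, c in tf.items()}

    @staticmethod
    def cosine(a, b):
        dot = sum(v * b.get(w, 0.0) for w, v in a.items())
        na = math.sqrt(sum(v * v for v in a.values()))
        nb = math.sqrt(sum(v * v for v in b.values()))
        return dot / (na * nb) if na and nb else 0.0

    def rank(self, attack_text):
        """Return [(defense name, similarity)] sorted best first."""
        q = self.vectorize(attack_text)
        scored = [(n, self.cosine(q, v)) for n, v in zip(self.names, self.vectors)]
        return sorted(scored, key=lambda t: t[1], reverse=True)

if __name__ == "__main__":
    ranker = DefenseRanker(DEFENSES)
    for name, score in ranker.rank("Adversary dumps credentials from operating system memory to obtain password hashes"):
        print(f"{score:.3f}  {name}")
```

A lexical ranker like this only rewards shared words, which is exactly the weakness the abstract attributes to its baselines; a defense phrased without any vocabulary in common with the attack description scores zero here.
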
Data and Applications Security and Privacy XXXVI
Volume
13383
Conference Dates
July 18-20, 2022
Conference Location
Newark, NJ, US
Conference Title
International Conference on Data and Application Security and Privacy 2022 (DBSec 2022)

Keywords

Cyber Threat Intelligence, Natural Language Processing, Semantic Association

Citation

Akbar, K., Halim, S., Hu, Y., Singhal, A., Khan, L. and Thuraisingham, B. (2022), Knowledge Mining in Cybersecurity: From Attack to Defense, Data and Applications Security and Privacy XXXVI, Newark, NJ, US, [online], https://doi.org/10.1007/978-3-031-10684-2_7, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934782 (Accessed December 3, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created July 18, 2022, Updated October 27, 2023