Useful Cyber Threat Intelligence Relation Retrieval Using Transfer Learning


Research field: Safety



Conference: EICC '23: Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference


Abstract

The emergence of hacker groups extends the complexity and frequency of cyberattacks. To adapt to the rapidly evolving cyberattacks, acquiring valuable information from security incident reports is critical for businesses to gain visibility into the fast-evolving threat landscape and to timely deploy preventive measures. As such threat intelligence is mostly presented in textual reports, such information needs to be extracted manually by security analysts and is highly dependent on personnel experience. This research proposes a novel cyber threat intelligence extraction system called “CARE” (Cyber Attack Relation Extraction) that extracts critical threat entities and presents their relationship in both graphical and textual forms that help cybersecurity staff quickly grasp the key information from security reports. To capture attack-related information, this study adopts BERT to enhance contextualized word representation and applies transfer learning to extract the relations among threat entities. The evaluation results show that the proposed CARE system achieves a 97% F1-score on relation extraction and that it could retrieve useful threat information effectively.


Author Profile

Chiamei Chen
National Sun Yat-Sen University Taiwan
Senegal

Fanghsuan Hsu
National Sun Yat-Sen University Taiwan
Senegal

Jenq Neng Hwang
University of Washington United States
United States

📄 Paper information

Publication year: 2023
Citations: 3
Publication country: Senegal, United States
Site: ACM
