Research field: Infrastructure
Conference: WSC '23: Proceedings of the Winter Simulation Conference
Natural disasters disrupt systems, leading to critical infrastructure vulnerabilities prone to cyber-attacks. The MITRE ATT&CK Enterprise Matrix is a knowledge base for threat analyses in the cybersecurity community. Existing processes to derive possible attack methodologies from this Matrix are largely manual and time-consuming. It is essential to automate the information retrieval process to reduce human errors, improve efficiency, and free up resources for identifying unrevealed cyber-attacks. We propose a framework that incorporates Natural Language Processing (NLP) and Text Mining to automatically generate sets of attack paths from the technique descriptions in the Matrix. The framework generates similarity between techniques based on their descriptions and creates an output showing potential pathways an adversary can take to infiltrate a system. The outputs are compared against an annotated approach and attack report. The results of this study provide an approach to more quickly and effectively assess potential cyber-attacks towards protecting critical infrastructure.
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra |
| Site | ACM |
| Likes | 0 |