WEKO3
アイテム
Extracting and Analyzing Cybersecurity Named Entity and its Relationship with Noncontextual IOCs from Unstructured Text of CTI Sources
https://ipsj.ixsq.nii.ac.jp/records/227707
https://ipsj.ixsq.nii.ac.jp/records/227707faef72ae-fe7e-4e04-b915-3c3953ad645a
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6409012.pdf (1.8 MB)
|
Copyright (c) 2023 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2023-09-15 | |||||||||||||
| タイトル | ||||||||||||||
| タイトル | Extracting and Analyzing Cybersecurity Named Entity and its Relationship with Noncontextual IOCs from Unstructured Text of CTI Sources | |||||||||||||
| タイトル | ||||||||||||||
| 言語 | en | |||||||||||||
| タイトル | Extracting and Analyzing Cybersecurity Named Entity and its Relationship with Noncontextual IOCs from Unstructured Text of CTI Sources | |||||||||||||
| 言語 | ||||||||||||||
| 言語 | eng | |||||||||||||
| キーワード | ||||||||||||||
| 主題Scheme | Other | |||||||||||||
| 主題 | [特集:サイバー空間を安全にするコンピュータセキュリティ技術(推薦論文)] cyber threat intelligence, information extraction, named entity recognition, relation extraction, STIX | |||||||||||||
| 資源タイプ | ||||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||
| 資源タイプ | journal article | |||||||||||||
| 著者所属 | ||||||||||||||
| Yokohama Research Laboratory, Hitachi, Ltd./Graduate School of Natural Science and Technology, Okayama University | ||||||||||||||
| 著者所属 | ||||||||||||||
| Yokohama Research Laboratory, Hitachi, Ltd. | ||||||||||||||
| 著者所属 | ||||||||||||||
| Yokohama Research Laboratory, Hitachi, Ltd. | ||||||||||||||
| 著者所属 | ||||||||||||||
| Faculty of Environmental, Life, Natural Science and Technology, Okayama University | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Yokohama Research Laboratory, Hitachi, Ltd. / Graduate School of Natural Science and Technology, Okayama University | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Yokohama Research Laboratory, Hitachi, Ltd. | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Yokohama Research Laboratory, Hitachi, Ltd. | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Faculty of Environmental, Life, Natural Science and Technology, Okayama University | ||||||||||||||
| 著者名 |
Shota, Fujii
× Shota, Fujii
× Nobutaka, Kawaguchi
× Tomohiro, Shigemoto
× Toshihiro, Yamauchi
|
|||||||||||||
| 著者名(英) |
Shota, Fujii
× Shota, Fujii
× Nobutaka, Kawaguchi
× Tomohiro, Shigemoto
× Toshihiro, Yamauchi
|
|||||||||||||
| 論文抄録 | ||||||||||||||
| 内容記述タイプ | Other | |||||||||||||
| 内容記述 | The increasing frequency and sophistication of cyberattacks makes it essential to keep up-to-date with threat information by using cyber threat intelligence (CTI). Structured CTI such as Structured Threat Information eXpression (STIX) is particularly useful because it can automate security operations such as updating FW/IDS rules and analyzing attack trends. However, as most CTIs are written in natural language, manual analysis with domain knowledge is required, which becomes quite time-consuming. In this work, we prose CyNER, a method for automatically structuring CTIs and converting them into STIX format. CyNER extracts named entities in the context of CTI and then extracts the relations between named entities and IOCs in order to convert them into STIX. In addition, by using key phrase extraction, CyNER can extract relations between IOCs that lack contextual information such as those listed at the bottom of a CTI, and named entities. We describe our design and implementation of CyNER and demonstrate that it can extract named entities with the F-measure of 0.80 and extract relations between named entities and IOCs with a maximum accuracy of 81.6%. Our analysis of structured CTI showed that CyNER can extract IOCs that are not included in existing reputation sites, and that it can automatically extract IOCs that have been exploited for a long time and across multiple attack groups. CyNER will therefore make CTI analysis more efficient. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.31(2023) (online) DOI http://dx.doi.org/10.2197/ipsjjip.31.578 ------------------------------ |
|||||||||||||
| 論文抄録(英) | ||||||||||||||
| 内容記述タイプ | Other | |||||||||||||
| 内容記述 | The increasing frequency and sophistication of cyberattacks makes it essential to keep up-to-date with threat information by using cyber threat intelligence (CTI). Structured CTI such as Structured Threat Information eXpression (STIX) is particularly useful because it can automate security operations such as updating FW/IDS rules and analyzing attack trends. However, as most CTIs are written in natural language, manual analysis with domain knowledge is required, which becomes quite time-consuming. In this work, we prose CyNER, a method for automatically structuring CTIs and converting them into STIX format. CyNER extracts named entities in the context of CTI and then extracts the relations between named entities and IOCs in order to convert them into STIX. In addition, by using key phrase extraction, CyNER can extract relations between IOCs that lack contextual information such as those listed at the bottom of a CTI, and named entities. We describe our design and implementation of CyNER and demonstrate that it can extract named entities with the F-measure of 0.80 and extract relations between named entities and IOCs with a maximum accuracy of 81.6%. Our analysis of structured CTI showed that CyNER can extract IOCs that are not included in existing reputation sites, and that it can automatically extract IOCs that have been exploited for a long time and across multiple attack groups. CyNER will therefore make CTI analysis more efficient. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.31(2023) (online) DOI http://dx.doi.org/10.2197/ipsjjip.31.578 ------------------------------ |
|||||||||||||
| 書誌レコードID | ||||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||||
| 収録物識別子 | AN00116647 | |||||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 64, 号 9, 発行日 2023-09-15 |
|||||||||||||
| ISSN | ||||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||||
| 公開者 | ||||||||||||||
| 言語 | ja | |||||||||||||
| 出版者 | 情報処理学会 | |||||||||||||
