Abstract
Over the last years, threat intelligence sharing has steadily grown, leading cybersecurity professionals to access increasingly larger amounts of heterogeneous data. Among those, cyber attacks' Tactics, Techniques and Procedures (TTPs) have proven to be particularly valuable to characterize threat actors' behaviors and, thus, improve defensive countermeasures. Unfortunately, this information is often hidden within human-readable textual reports and must be extracted manually. In this paper, we evaluate several classification approaches to automatically retrieve TTPs from unstructured text. To implement these approaches, we take advantage of the MITRE ATT&CK framework, an open knowledge base of adversarial tactics and techniques, to train classifiers and label results. Finally, we present rcATT, a tool built on top of our findings and freely distributed to the security community to support cyber threat report automated analysis.
Original language | English |
---|---|
Number of pages | 20 |
Publication status | Published - 2020 |
Event | 1st Cyber Threat Intelligence Symposium, CTI 2020 - Online Duration: 9 Mar 2020 → 11 Mar 2020 Conference number: 1 https://www.first.org/events/symposium/zurich2020/ |
Conference
Conference | 1st Cyber Threat Intelligence Symposium, CTI 2020 |
---|---|
Abbreviated title | CTI |
Period | 9/03/20 → 11/03/20 |
Internet address |
Keywords
- Cybersecurity
- Automation
- Cyber threat intelligence
- ATT&CK tactics and techniques
- Multi-label classification