Abstract
Security analysts who work in a Security Operations Center (SOC) play a major role in ensuring the security of an organization. How much background knowledge they have about new and evolving attacks makes a significant difference to their ability to detect attacks. Open source threat intelligence sources, such as text descriptions of cyber-attacks, can be stored in a structured fashion in a cybersecurity knowledge graph. A cybersecurity knowledge graph can be paramount in aiding a security analyst to detect cyber threats because it stores a vast range of cyber threat information in the form of semantic triples, which can be queried. A semantic triple contains two cybersecurity entities and the relationship between them. In this work, we propose a system that creates semantic triples from cybersecurity text, using deep learning approaches to extract possible relationships. We assert the set of semantic triples generated by our system into a cybersecurity knowledge graph. Security analysts can retrieve this data from the knowledge graph and use it to form a decision about a cyber-attack.
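As an added example (not code from the paper or its authors), the following minimal in-memory triple store shows the two query styles an analyst would run over such a knowledge graph: a pattern match over (subject, predicate, object) and a bounded multi-hop walk that returns the chain of triples justifying each hit. The triples are constructed sample data with hypothetical placeholder names, not real indicators.

```python
from collections import defaultdict

# Constructed sample triples (hypothetical placeholder names, not real indicators) of the
# kind the extraction pipeline would assert from a sentence such as
# "ExampleRAT exploits CVE-PLACEHOLDER-1 in ExampleSoft 2.1 and drops ExampleKeylogger".
SAMPLE_TRIPLES = [
    ("ExampleRAT", "isA", "Malware"),
    ("ExampleRAT", "exploits", "CVE-PLACEHOLDER-1"),
    ("CVE-PLACEHOLDER-1", "affects", "ExampleSoft 2.1"),
    ("ExampleRAT", "drops", "ExampleKeylogger"),
    ("ExampleKeylogger", "isA", "Malware"),
    ("ExampleKeylogger", "exfiltratesTo", "c2.example.invalid"),
    ("ThreatGroupX", "uses", "ExampleRAT"),
]

class TripleStore:
    """Minimal in-memory knowledge graph of (subject, predicate, object) triples."""
    def __init__(self, triples=()):
        self.triples = set()
        self.by_subject = defaultdict(set)  # entity -> triples in which it is the subject
        self.by_object = defaultdict(set)   # entity -> triples in which it is the object
        for s, p, o in triples:
            self.assert_triple(s, p, o)

    def assert_triple(self, s, p, o):
        t = (s, p, o)
        self.triples.add(t)
        self.by_subject[s].add(t)
        self.by_object[o].add(t)

    def query(self, s=None, p=None, o=None):
        """Basic graph-pattern match; None is a wildcard (cf. a SPARQL triple pattern)."""
        return sorted(t for t in self.triples if (s is None or t[0] == s)
                      and (p is None or t[1] == p) and (o is None or t[2] == o))

    def related(self, start, max_hops=3):
        """Breadth-first walk from `start` along edges in either direction, at most max_hops
        away. Returns {entity: path}; path is the chain of triples that justifies the link."""
        paths = {start: []}
        frontier = [start]
        for _ in range(max_hops):
            nxt = []
            for node in frontier:
                for t in self.by_subject[node] | self.by_object[node]:
                    other = t[2] if t[0] == node else t[0]
                    if other not in paths:
                        paths[other] = paths[node] + [t]
                        nxt.append(other)
            frontier = nxt
        return paths
```

With this store, `TripleStore(SAMPLE_TRIPLES).related("ExampleSoft 2.1")` answers the analyst question "I run this software; which malware and actor are relevant, and through what chain?" by following affects, exploits and uses edges back to ThreatGroupX.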
URL
https://arxiv.org/abs/1905.02497