Conference paper
Automating cybersecurity TTP classification based on unstructured attack descriptions
Author(s) | Castaño, Felipe; Gil Lerchundi, Amaia; Orduna Urrutia, Raúl; Fidalgo Fernández, Eduardo; Alaiz Rodríguez, Rocío |
Coordinator/Editor | Varela Vaca, Ángel Jesús; Ceballos Guerrero, Rafael; Reina Quintero, Antonia María |
Publication date | 2024 |
Deposit date | 2024-05-29 |
Published in | |
ISBN/ISSN | 978-84-09-62140-8 |
Abstract | CTI sources help SOCs to share important information about incidents and attacks. Unstructured text processing gains importance, considering that incident-related information is present in a wide range of sources. The datasets in the literature contain insufficiently lengthy text or a limited number of samples per class. Therefore, we propose a method to build a dataset semi-automatically from CTI sources. As a result, we present a new dataset of unstructured CTI descriptions called Weakness, Attack, Vulnerabilities, and Events 27k (WAVE-27K). WAVE-27K covers 27 different MITRE techniques and 7 tactics, containing 22539 samples associated with a single technique and 5262 samples related to two or more techniques. WAVE-27K is the largest dataset compared to those in the literature. We trained a BERT-based model on WAVE-27K, obtaining a 97.00% micro F1-score, which could validate that the information included in WAVE-27K is of sufficient quality for training machine learning models. |
Citation | Castaño, F., Gil Lerchundi, A., Orduna Urrutia, R., Fidalgo Fernández, E. and Alaiz Rodríguez, R. (2024). Automating cybersecurity TTP classification based on unstructured attack descriptions. In Jornadas Nacionales de Investigación en Ciberseguridad (JNIC) (9ª.2024. Sevilla) (46-50), Sevilla: Universidad de Sevilla. Escuela Técnica Superior de Ingeniería Informática. |
Files | Size | Format | View | Description |
---|---|---|---|---|
JNIC24_64.pdf | 489.2Kb | PDF | View | |