Abstract
With the rapid growth of the cyber attacks, cyber threat intelligence (CTI) sharing becomes essential for providing advance threat notice and enabling timely response to cyber attacks. Our goal in this paper is to develop an approach to extract low-level cyber threat actions from publicly available CTI sources in an automated manner to enable timely defense decision making. Specifically, we innovatively and successfully used the metrics of entropy and mutual information from Information Theory to analyze the text in the cybersecurity domain. Combined with some basic NLP techniques, our framework, called ActionMiner has achieved higher precision and recall than the state-of-the-art Stanford typed dependency parser, which usually works well in general English but not cybersecurity texts.
| Original language | English |
|---|---|
| Title of host publication | 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018 |
| Editors | Dongwon Lee, Ghita Mezzour, Ponnurangam Kumaraguru, Nitesh Saxena |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 1-6 |
| Number of pages | 6 |
| ISBN (Electronic) | 9781538678480 |
| DOIs | |
| State | Published - 24 Dec 2018 |
| Externally published | Yes |
Publication series
| Name | 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018 |
|---|
Bibliographical note
Publisher Copyright:© 2018 IEEE.
Keywords
- Cyber threat intelligence
- Cybersecurity
- Information Theory
- Malware behavior analysis
- NLP
- Text mining
ASJC Scopus subject areas
- Computer Networks and Communications
- Information Systems and Management
- Safety, Risk, Reliability and Quality
- Communication
Fingerprint
Dive into the research topics of 'Using entropy and mutual information to extract threat actions from cyber threat intelligence'. Together they form a unique fingerprint.Cite this
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver