Bibliographic Details
Main Authors: Nguyen, Tu; Šrndić, Nedim; Neth, Alexander
Format: Preprint
Published: 2024
Subjects:
Online Access: https://arxiv.org/abs/2401.10337
author Nguyen, Tu
Šrndić, Nedim
Neth, Alexander
contents Tactics, Techniques and Procedures (TTPs) represent sophisticated attack patterns in the cybersecurity domain, described encyclopedically in textual knowledge bases. Identifying TTPs in cybersecurity writing, often called TTP mapping, is an important and challenging task. Conventional learning approaches often target the problem in the classical multi-class or multilabel classification setting. This setting hinders the learning ability of the model due to a large number of classes (i.e., TTPs), the inevitable skewness of the label distribution and the complex hierarchical structure of the label space. We formulate the problem in a different learning paradigm, where the assignment of a text to a TTP label is decided by the direct semantic similarity between the two, thus reducing the complexity of competing solely over the large labeling space. To that end, we propose a neural matching architecture with an effective sampling-based learn-to-compare mechanism, facilitating the learning process of the matching model despite constrained resources.
format Preprint
id arxiv_https___arxiv_org_abs_2401_10337
institution arXiv
publishDate 2024
record_format arxiv
title Noise Contrastive Estimation-based Matching Framework for Low-Resource Security Attack Pattern Recognition
topic Machine Learning
Artificial Intelligence
Computation and Language
Cryptography and Security
url https://arxiv.org/abs/2401.10337