Bibliographic Details
Main authors: Kumarasinghe, Udesh, Lekssays, Ahmed, Sencar, Husrev Taha, Boughorbel, Sabri, Elvitigala, Charitha, Nakov, Preslav
Format: Preprint
Published: 2024
Subjects:
Online access: https://arxiv.org/abs/2403.17068
_version_ 1866911812932337664
author Kumarasinghe, Udesh
Lekssays, Ahmed
Sencar, Husrev Taha
Boughorbel, Sabri
Elvitigala, Charitha
Nakov, Preslav
contents We introduce a new method for extracting structured threat behaviors from threat intelligence text. Our method is based on a multi-stage ranking architecture that allows jointly optimizing for efficiency and effectiveness. Therefore, we believe this problem formulation better aligns with the real-world nature of the task considering the large number of adversary techniques and the extensive body of threat intelligence created by security analysts. Our findings show that the proposed system yields state-of-the-art performance results for this task. Results show that our method has a top-3 recall performance of 81% in identifying the relevant technique among 193 top-level techniques. Our tests also demonstrate that our system performs significantly better (+40%) than the widely used large language models when tested under a zero-shot setting.
format Preprint
id arxiv_https___arxiv_org_abs_2403_17068
institution arXiv
publishDate 2024
record_format arxiv
title Semantic Ranking for Automated Adversarial Technique Annotation in Security Text
topic Cryptography and Security
url https://arxiv.org/abs/2403.17068