CTI View: APT Threat Intelligence Analysis System


Detailed description

Bibliographic details
Published in: Security and communication networks 2022-01, Vol.2022, p.1-15
Main authors: Zhou, Yinghai, Tang, Yi, Yi, Ming, Xi, Chuanyu, Lu, Hai
Format: Article
Language: eng
Online access: Full text
container_end_page 15
container_issue
container_start_page 1
container_title Security and communication networks
container_volume 2022
creator Zhou, Yinghai
Tang, Yi
Yi, Ming
Xi, Chuanyu
Lu, Hai
description With the development of advanced persistent threats (APT) and the increasingly severe network security situation, the strategic defense idea built on the concept of “active defense, traceability, and countermeasures” has emerged, and cyberspace threat intelligence (CTI) has therefore become increasingly valuable in enhancing the ability to resist cyber threats. Based on the actual demand of defending against APT threats, we apply natural language processing to CTI and design a new automated system, CTI View, oriented to text extraction and analysis of the massive unstructured CTI released by various security vendors. The main work of CTI View is as follows: (1) to deal with heterogeneous CTI, a text extraction framework for threat intelligence is designed based on an automated test framework, text recognition technology, and text denoising technology; it effectively solves the problem of poor adaptability when crawlers are used to crawl heterogeneous CTI; (2) regular expressions combined with a blacklist and whitelist mechanism are used to extract the IOC and TTP information described in CTI effectively; (3) according to the actual requirements, a model based on bidirectional encoder representations from transformers (BERT) is designed to complete the entity extraction algorithm for heterogeneous threat intelligence. In this paper, a GRU layer is added to the existing BERT-BiLSTM-CRF model, and we evaluate the proposed model on the labeled dataset and obtain better performance than the current mainstream entity extraction models.
doi_str_mv 10.1155/2022/9875199
format Article
identifier ISSN: 1939-0114
ispartof Security and communication networks, 2022-01, Vol.2022, p.1-15
issn 1939-0114
1939-0122
language eng
recordid cdi_proquest_journals_2619951103
source Wiley-Blackwell Open Access Collection; Alma/SFX Local Collection; EZB Electronic Journals Library
subjects Algorithms
Coders
Cybercrime
Cybersecurity
Espionage
Intelligence (information)
Intelligence gathering
Internet
Natural language processing
Nuclear power plants
Ransomware
Threat evaluation
Threats
title CTI View: APT Threat Intelligence Analysis System
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-14T19%3A04%3A16IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=CTI%20View:%20APT%20Threat%20Intelligence%20Analysis%20System&rft.jtitle=Security%20and%20communication%20networks&rft.au=Zhou,%20Yinghai&rft.date=2022-01-03&rft.volume=2022&rft.spage=1&rft.epage=15&rft.pages=1-15&rft.issn=1939-0114&rft.eissn=1939-0122&rft_id=info:doi/10.1155/2022/9875199&rft_dat=%3Cproquest_cross%3E2619951103%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2619951103&rft_id=info:pmid/&rfr_iscdi=true