Semantic Ranking for Automated Adversarial Technique Annotation in Security Text

Udesh Kumarasinghe, Ahmed Lekssays, Husrev Taha Sencar, Sabri Boughorbel, Charitha Elvitigala, Preslav Nakov

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

We introduce a novel approach for mapping attack behaviors described in threat analysis reports to entries in an adversarial techniques knowledge base. Our method leverages a multi-stage ranking architecture to efficiently rank the most related techniques based on their semantic relevance to the input text. Each ranker in our pipeline uses a distinct design for text representation. To enhance relevance modeling, we leverage pretrained language models, which we fine-tune for the technique annotation task. While generic large language models are not yet capable of fully addressing this challenge, we obtain very promising results. We achieve a recall rate improvement of +35% compared to the previous state-of-the-art results. We further create new public benchmark datasets for training and validating methods in this domain, which we release to the research community aiming to promote future research in this important direction.

Original languageEnglish
Title of host publicationACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Pages49-62
Number of pages14
ISBN (Electronic)9798400704826
DOIs
Publication statusPublished - 1 Jul 2024
Event19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024 - Singapore, Singapore
Duration: 1 Jul 20245 Jul 2024

Publication series

NameACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

Conference

Conference19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024
Country/TerritorySingapore
CitySingapore
Period1/07/245/07/24

Keywords

  • TTP annotation
  • Text attribution
  • Text ranking
  • Threat intelligence

Fingerprint

Dive into the research topics of 'Semantic Ranking for Automated Adversarial Technique Annotation in Security Text'. Together they form a unique fingerprint.

Cite this