TY - GEN
T1 - Semantic Ranking for Automated Adversarial Technique Annotation in Security Text
AU - Kumarasinghe, Udesh
AU - Lekssays, Ahmed
AU - Sencar, Husrev Taha
AU - Boughorbel, Sabri
AU - Elvitigala, Charitha
AU - Nakov, Preslav
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s).
PY - 2024/7/1
Y1 - 2024/7/1
N2 - We introduce a novel approach for mapping attack behaviors described in threat analysis reports to entries in an adversarial techniques knowledge base. Our method leverages a multi-stage ranking architecture to efficiently rank the most related techniques based on their semantic relevance to the input text. Each ranker in our pipeline uses a distinct design for text representation. To enhance relevance modeling, we leverage pretrained language models, which we fine-tune for the technique annotation task. While generic large language models are not yet capable of fully addressing this challenge, we obtain very promising results. We achieve a recall rate improvement of +35% compared to the previous state-of-the-art results. We further create new public benchmark datasets for training and validating methods in this domain, which we release to the research community aiming to promote future research in this important direction.
AB - We introduce a novel approach for mapping attack behaviors described in threat analysis reports to entries in an adversarial techniques knowledge base. Our method leverages a multi-stage ranking architecture to efficiently rank the most related techniques based on their semantic relevance to the input text. Each ranker in our pipeline uses a distinct design for text representation. To enhance relevance modeling, we leverage pretrained language models, which we fine-tune for the technique annotation task. While generic large language models are not yet capable of fully addressing this challenge, we obtain very promising results. We achieve a recall rate improvement of +35% compared to the previous state-of-the-art results. We further create new public benchmark datasets for training and validating methods in this domain, which we release to the research community aiming to promote future research in this important direction.
KW - TTP annotation
KW - Text attribution
KW - Text ranking
KW - Threat intelligence
UR - http://www.scopus.com/inward/record.url?scp=85199285930&partnerID=8YFLogxK
U2 - 10.1145/3634737.3645000
DO - 10.1145/3634737.3645000
M3 - Conference contribution
AN - SCOPUS:85199285930
T3 - ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
SP - 49
EP - 62
BT - ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
T2 - 19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024
Y2 - 1 July 2024 through 5 July 2024
ER -
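The abstract describes a multi-stage ranking pipeline for technique annotation in which each stage uses a different text representation and a shortlist from an early, cheap ranker is re-scored by a later, more expensive one. The following is an added illustration of that architecture, not the paper's code or benchmark data: stage 1 is a unigram TF-IDF cosine ranker over the whole knowledge base, stage 2 re-scores the shortlist with a character-trigram representation and fuses both scores (a stand-in for the fine-tuned language-model rerankers the abstract refers to), and recall@k is computed over labelled sentences, the metric the abstract reports. Technique IDs are real ATT&CK IDs; the descriptions, report sentences and gold labels are constructed for the example and are not MITRE's text.

```python
"""Toy two-stage ranker for mapping report sentences to ATT&CK techniques.

Added illustration, not the paper's implementation. Knowledge-base
descriptions, sentences and labels below are constructed for the example.
"""
import math
import re
from collections import Counter

# Constructed knowledge base: real technique IDs, paraphrased descriptions.
TECHNIQUES = {
    "T1059": "Command and Scripting Interpreter: adversaries abuse command and "
             "script interpreters such as PowerShell, cmd, bash or Python to "
             "execute commands and scripts",
    "T1566": "Phishing: adversaries send phishing emails with malicious "
             "attachments or links to gain initial access",
    "T1003": "OS Credential Dumping: adversaries dump credentials such as "
             "password hashes from LSASS memory or the SAM database",
    "T1021": "Remote Services: adversaries use valid accounts to log in to "
             "remote services such as RDP, SSH or SMB for lateral movement",
    "T1486": "Data Encrypted for Impact: adversaries encrypt files on victim "
             "systems with ransomware to interrupt availability",
    "T1055": "Process Injection: adversaries inject code into the address "
             "space of a running process to evade defenses",
}

# Constructed report sentences with their gold technique (one label each).
LABELLED = [
    ("The malware dumped password hashes from LSASS memory", "T1003"),
    ("Operators ran a PowerShell script to execute commands on the host", "T1059"),
    ("Victims received phishing emails with malicious attachments", "T1566"),
    ("The ransomware encrypted files on the file server", "T1486"),
]


def unigrams(text):
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))


def char_trigrams(text):
    t = re.sub(r"\s+", " ", text.lower())
    return Counter(t[i:i + 3] for i in range(len(t) - 2))


def cosine(a, b):
    dot = sum(w * b.get(k, 0.0) for k, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


class TfidfRanker:
    """Stage 1: sparse unigram TF-IDF vectors, cosine over the whole KB."""

    def __init__(self, kb):
        counts = {tid: unigrams(desc) for tid, desc in kb.items()}
        self.n = len(kb)
        self.df = Counter()
        for c in counts.values():
            self.df.update(c.keys())
        self.vecs = {tid: self._weight(c) for tid, c in counts.items()}

    def _weight(self, counts):
        # Smoothed idf: query terms absent from the KB still get a weight.
        return {t: tf * (math.log((1 + self.n) / (1 + self.df[t])) + 1)
                for t, tf in counts.items()}

    def rank(self, text, k):
        q = self._weight(unigrams(text))
        scored = sorted(((cosine(q, v), tid) for tid, v in self.vecs.items()),
                        reverse=True)
        return scored[:k]  # shortlist of (stage-1 score, technique_id)


class TrigramReranker:
    """Stage 2: character-trigram representation, scored on the shortlist only."""

    def __init__(self, kb):
        self.vecs = {tid: char_trigrams(desc) for tid, desc in kb.items()}

    def rerank(self, text, shortlist):
        q = char_trigrams(text)
        # Score fusion: stage-1 cosine plus stage-2 cosine, then re-sort.
        fused = [(s1 + cosine(q, self.vecs[tid]), tid) for s1, tid in shortlist]
        return [tid for _, tid in sorted(fused, reverse=True)]


class Pipeline:
    def __init__(self, kb, shortlist_size=3):
        self.stage1 = TfidfRanker(kb)
        self.stage2 = TrigramReranker(kb)
        self.shortlist_size = shortlist_size

    def annotate(self, text):
        """Ranked technique IDs for one sentence, best first."""
        return self.stage2.rerank(text, self.stage1.rank(text, self.shortlist_size))


def recall_at_k(pipeline, labelled, k):
    """Fraction of sentences whose gold technique appears in the top k."""
    hits = sum(gold in pipeline.annotate(text)[:k] for text, gold in labelled)
    return hits / len(labelled)


if __name__ == "__main__":
    pipe = Pipeline(TECHNIQUES)
    for text, gold in LABELLED:
        print(f"gold {gold} -> ranked {pipe.annotate(text)} :: {text}")
    print("recall@1 =", recall_at_k(pipe, LABELLED, 1))
    print("recall@3 =", recall_at_k(pipe, LABELLED, 3))
```

The shortlist size is the knob that trades stage-1 recall against stage-2 cost: a candidate that stage 1 drops can never be recovered, so in practice the first stage is tuned for recall and the rerankers for precision. The lexical overlap in these constructed sentences is deliberately strong; real report text paraphrases techniques in ways a TF-IDF stage misses, which is the gap the fine-tuned rankers in the paper are meant to close.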