Litcius/Paper detail

What Are the Attackers Doing Now? Automating Cyberthreat Intelligence Extraction from Text on Pace with the Changing Threat Landscape: A Survey

Md Rayhanur Rahman, Rezvan Mahdavi-Hezaveh, Laurie Williams

2022ACM Computing Surveys58 citationsDOIOpen Access PDF

Abstract

Cybersecurity researchers have contributed to the automated extraction of CTI from textual sources, such as threat reports and online articles describing cyberattack strategies, procedures, and tools. The goal of this article is to aid cybersecurity researchers in understanding the current techniques used for cyberthreat intelligence extraction from text through a survey of relevant studies in the literature. Our work finds 11 types of extraction purposes and 7 types of textual sources for CTI extraction. We observe the technical challenges associated with obtaining available clean and labeled data for replication, validation, and further extension of the studies. We advocate for building upon the current CTI extraction work to help cybersecurity practitioners with proactive decision-making such as in threat prioritization and mitigation strategy formulation to utilize knowledge from past cybersecurity incidents.

Topics & Concepts

Computer sciencePaceComputer securityPrioritizationWork (physics)Data scienceData extractionManagement scienceMEDLINEEconomicsGeodesyMechanical engineeringEngineeringLawPolitical scienceGeographyInformation and Cyber SecurityCybercrime and Law Enforcement StudiesAdvanced Malware Detection Techniques
What Are the Attackers Doing Now? Automating Cyberthreat Intelligence Extraction from Text on Pace with the Changing Threat Landscape: A Survey | Litcius