Relation extraction techniques in cyber threat intelligence / D.R. Arikkat, P. Vinod, R. K. A. R., S. Nicolazzo, A. Nocera, M. Conti (LECTURE NOTES IN COMPUTER SCIENCE). - In: Natural language processing and information systems : 29th International conference on applications of Natural language to information systems, NLDB 2024 : Turin, Italy, June 25–27, 2024 : Proceedings, Part I / [edited by] A. Rapp, L. Di Caro, F. Meziane, V. Sugumaran. - Cham : Springer, 2024. - ISBN 9783031702389. - pp. 348-363 (Paper presented at the 29th International conference on Natural language and information systems (NLDB), held in Turin in 2024) [10.1007/978-3-031-70239-6_24].
Relation extraction techniques in cyber threat intelligence
S. Nicolazzo;
2024
Abstract
Cyber Threat Intelligence (CTI) provides a structured and interconnected model for threat information through Cybersecurity Knowledge Graphs. This allows researchers and practitioners to represent and organize complex relationships and entities in a more coherent form. Above all, the discovery of hidden relationships between different CTI entities, such as threat actors, malware, infrastructure, and attacks, is becoming a crucial task in this domain, facilitating proactive defense measures and helping to identify Tactics, Techniques, and Procedures (TTPs) employed by malicious parties. In this paper, we provide a Systematization of Knowledge (SoK) to analyze the existing literature and give insights into the important CTI task of Relation Extraction. In particular, we design a categorization of the relations used in CTI; we analyze the techniques employed for their extraction, the emerging trends and open issues in this context, and the main future directions. This work provides a novel and fresh perspective that can help the reader understand how relationships among entities can be schematized to provide a better view of the cyber threat landscape.

File | Access | Type | Size | Format
---|---|---|---|---
NLDB24.pdf | restricted access | Publisher's version/PDF | 343.26 kB | Adobe PDF