Relation extraction techniques in cyber threat intelligence / D.R. Arikkat, P. Vinod, R. K. A. R., S. Nicolazzo, A. Nocera, M. Conti (LECTURE NOTES IN COMPUTER SCIENCE). - In: Natural language processing and information systems : 29th International conference on applications of Natural language to information systems, NLDB 2024 : Turin, Italy, June 25–27, 2024 : Proceedings, Part I / [edited by] A. Rapp, L. Di Caro, F. Meziane, V. Sugumaran. - Cham : Springer, 2024. - ISBN 9783031702389. - pp. 348-363 (Paper presented at the 29th International conference on Natural language and information systems (NLDB), held in Turin in 2024) [10.1007/978-3-031-70239-6_24].

Relation extraction techniques in cyber threat intelligence

S. Nicolazzo;
2024

Abstract

Cyber Threat Intelligence (CTI) provides a structured and interconnected model for threat information through Cybersecurity Knowledge Graphs. This allows researchers and practitioners to represent and organize complex relationships and entities in a more coherent form. Above all, the discovery of hidden relationships between different CTI entities, such as threat actors, malware, infrastructure, and attacks, is becoming a crucial task in this domain, facilitating proactive defense measures and helping to identify Tactics, Techniques, and Procedures (TTPs) employed by malicious parties. In this paper, we provide a Systematization of Knowledge (SoK) to analyze the existing literature and give insights into the important CTI task of Relation Extraction. In particular, we design a categorization of the relations used in CTI; we analyze the techniques employed for their extraction, the emerging trends and open issues in this context, and the main future directions. This work provides a novel and fresh perspective that can help the reader understand how relationships among entities can be schematized to provide a better view of the cyber threat landscape.
relation extraction; large language model; dependency parsing; cyber threat intelligence; entities
Sector INFO-01/A - Computer Science
Sector IINF-05/A - Information Processing Systems
   Organization sPecific Threat Intelligence Mining and sharing
   OPTIMA
   European Commission
   Horizon Europe Framework Programme
   101063107

   SEcurity and RIghts in the CyberSpace (SERICS)
   SERICS
   MINISTERO DELL'UNIVERSITA' E DELLA RICERCA
   identification code PE00000014
2024
Book Part (author)
Files in this item:
File: NLDB24.pdf
Access: restricted
Type: Publisher's version/PDF
Size: 343.26 kB
Format: Adobe PDF

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/1115232