3 results on '"Ge, Wenhan"'
Search Results
2. STIOCS: Active learning-based semi-supervised training framework for IOC extraction.
- Author
- Tang, Binhui, Li, Xiaohui, Wang, Junfeng, Ge, Wenhan, Yu, Zhongkun, and Lin, Tongcan
- Subjects
- SUPERVISED learning, CONVOLUTIONAL neural networks, MACHINE learning, RECURRENT neural networks, CYBER intelligence (Computer security), ACTIVE learning
- Abstract
Cyber Threat Intelligence (CTI) contains numerous Indicators of Compromise (IOCs) and contextual information, crucial for understanding threat actors' behavior and intentions. However, current information extraction predominantly relies on supervised learning algorithms, presenting challenges in the field of CTI for two reasons. Firstly, the scarcity of labeled data with IOCs hampers the effectiveness of supervised learning. Secondly, existing methods struggle to extract comprehensive contextual features, posing difficulties in IOC recognition within CTI. To address these limitations and better suit the unique characteristics of CTI text, this paper introduces STIOCS, a semi-supervised framework that combines active learning and self-training for IOC extraction. STIOCS enhances IOC extraction accuracy and efficiency by leveraging limited labeled data and a rich unannotated corpus. Firstly, the Active Learning (AL) approach uses the Density-based Spatial Clustering of Applications with Noise (DBSCAN) algorithm to select reliable samples that can reduce noise pollution on pseudo-labeling in self-training. The extraction model integrates Convolutional Neural Network (CNN) and Recurrent Neural Network (RNN) algorithms to extract local and sequential features from CTI text, respectively. Then, the semantic features are enhanced by using different sizes of convolutional kernels to fuse the two types of features. Finally, the Conditional Random Fields (CRF) layer is employed to recognize IOC entities. Our experimental results demonstrate the effectiveness and robustness of our proposed method in IOC extraction, even with limited labeled data. Compared to supervised methods, our proposed method requires only approximately 40% of the dataset to be labeled; it achieves better F1 scores than the existing methods and exhibits consistent performance improvements as the dataset size increases.
STIOCS effectively suppresses weak label noise, reduces training costs, and enhances the recognition model's performance. It provides a cost-effective training framework for entity extraction in cyber threat intelligence.
- This paper proposes a semi-supervised active learning framework, STIOCS, aimed at improving the efficiency of IOC extraction in CTI and addressing the challenge of model degradation due to inadequate IOC annotation data.
- Firstly, we extract valuable information from unlabeled data during self-training, but pseudo-labeling noise can potentially degrade model accuracy.
- Secondly, we propose an active learning method aligned with the training objective to effectively select samples that enhance model performance.
- Finally, we conduct extensive experiments on IOC extraction tasks using the fusion model, demonstrating superior performance compared to existing methods.
[ABSTRACT FROM AUTHOR]
- Published
- 2023
3. Advanced Persistent Threat intelligent profiling technique: A survey.
- Author
- Tang, BinHui, Wang, JunFeng, Yu, Zhongkun, Chen, Bohan, Ge, Wenhan, Yu, Jian, and Lu, TingTing
- Subjects
- KNOWLEDGE graphs, ELECTRONIC data processing, INFORMATION technology, SCIENTIFIC community, DEEP learning
- Abstract
With the boom in Internet and information technology, cyber-attacks are becoming more frequent and sophisticated, especially Advanced Persistent Threat (APT) attacks. Unlike traditional attacks, APT attacks are more targeted, stealthy, and adversarial, making it challenging to manually analyze threat behaviors for APT detection, attribution, and response. Therefore, the research community has focused on intelligent defense methods. Intelligent threat profiling is dedicated to analyzing APT attacks and improving defense capability with Knowledge Graph and Deep Learning methods. With this insight, this paper provides the first systematic review of intelligent threat profiling techniques for APT attacks, covering three aspects: data, methods, and applications. The contents include data processing techniques, threat modeling, representation, reasoning methods, etc. Furthermore, this paper summarizes the latest research in applications, proposes the research framework and technical architecture, and provides insights into future research trends. This paper contributes to recognizing the advantages and challenges of intelligent threat profiling. It paves the way for integrating knowledge graphs and deep learning to achieve intelligent security.
- The first review paper on intelligent threat profiling of Advanced Persistent Threat.
- Summarizes the research findings on three aspects: data, methods and applications.
- Proposes the research framework and technical architecture of intelligent threat profiling.
- Analyzes the challenges and provides insights into future research trends.
[ABSTRACT FROM AUTHOR]
- Published
- 2022