Threat-related Document Clustering for Continuous Monitoring of Threat Intelligence


Continuous monitoring and sharing of threat intelligence have become a priority for organizations as the cyberthreat landscape evolves. Cybersecurity vendors regularly publish threat-related documents that describe how sophisticated cyberattacks are performed and how the threat landscape is changing. However, threat-related documents are written in natural language, and multiple vendors often publish documents discussing a similar set of cyberattacks. Thus, extracting actionable intelligence from a high volume of natural language text becomes inefficient and error-prone. The goal of this research is to help cybersecurity researchers and practitioners gather actionable threat intelligence by clustering threat-related natural language documents by attack techniques, detection, and mitigation. We propose a natural language processing (NLP) and machine learning (ML) based document clustering pipeline, which would benefit cybersecurity practitioners and researchers by grouping similar threat-related documents and extracting actionable intelligence for thwarting similar patterns of attacks, enabling more efficient cyber threat hunting.

Md Rayhanur Rahman has started his Ph.D. program in the Department of Computer Science at North Carolina State University. His research interests are in the areas of software engineering and software security. Currently, he is working in the research domain of mining cyber threat intelligence artifacts.

License: CC-2.5
Submitted by Laurie Williams on