HINCTI: A CYBER THREAT INTELLIGENCE MODELING AND IDENTIFICATION SYSTEM BASED ON HETEROGENEOUS INFORMATION NETWORK
DOI: https://doie.org/10.5281/n0cyhg55
Keywords: Cyber threat intelligence, threat type identification, heterogeneous information network, graph convolutional network, threat infrastructure nodes.
Abstract
A growing number of organizations are prepared to use cyber threat intelligence (CTI) to
better understand the cyber security landscape. Automatically identifying the threat type of
infrastructure nodes for early warning is difficult because only a small fraction of the threat
infrastructure nodes contained in CTI carry labels. To overcome this, we build HinCTI, a
practical system that models cyber threat intelligence and identifies threat types. We first
design a threat intelligence meta-schema that captures the semantic relatedness among
infrastructure nodes, and model CTI on a heterogeneous information network (HIN)
accordingly. We then define a threat infrastructure similarity measure between threat
infrastructure nodes based on meta-path and meta-graph instances, and propose a
heterogeneous graph convolutional network (GCN) approach, built on this similarity
measure (MIIS), for identifying the threat types of infrastructure nodes in CTI. To the best
of our knowledge, this is the first work to model CTI on an HIN for threat identification and
to present a heterogeneous GCN-based method for threat type identification of infrastructure
nodes. We evaluate HinCTI extensively on real-world datasets, and the results show that our
approach significantly outperforms state-of-the-art baselines in threat type identification.
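The meta-path and meta-graph similarity between infrastructure nodes and the propagation of the few known labels, as an added Python example that is not part of the paper or of the HinCTI system. The node types (domain, ip, malware), relation names, node ids, labels, the PathSim-style scoring formula and the simplified GCN-style propagation are all assumptions made for illustration; the page only states that the measure is built on meta-path and meta-graph instances and feeds a heterogeneous GCN.

```python
from collections import defaultdict

# Constructed toy heterogeneous information network (HIN) of threat
# infrastructure. Node types (domain, ip, malware), relation names, node ids
# and labels are assumptions made for this example; the page does not list
# the meta-schema or a dataset.
EDGES = [
    ("resolves", "d1", "ip1"), ("resolves", "d1", "ip4"),
    ("resolves", "d2", "ip1"),
    ("resolves", "d3", "ip2"), ("resolves", "d4", "ip2"),
    ("resolves", "d5", "ip3"),
    ("contacts", "m1", "d1"), ("contacts", "m1", "d2"),
    ("contacts", "m2", "d3"), ("contacts", "m2", "d5"),
]
DOMAINS = ["d1", "d2", "d3", "d4", "d5"]
LABELS = {"d1": "phishing", "d3": "c2"}   # the few labelled nodes

# Meta-paths as relation sequences; 'r^-1' walks relation r backwards.
DOM_IP_DOM = ("resolves", "resolves^-1")   # domains sharing an IP
DOM_MAL_DOM = ("contacts^-1", "contacts")  # domains contacted by same malware


def build_adjacency(edges):
    """Per-relation adjacency sets, in both directions."""
    adj = defaultdict(lambda: defaultdict(set))
    for rel, src, dst in edges:
        adj[rel][src].add(dst)
        adj[rel + "^-1"][dst].add(src)
    return adj


def meta_path_counts(adj, start, meta_path):
    """Number of meta-path instances from `start` to each reachable node."""
    counts = {start: 1}
    for rel in meta_path:
        nxt = defaultdict(int)
        for node, c in counts.items():
            for nb in adj[rel].get(node, ()):
                nxt[nb] += c
        counts = nxt
    return counts


def meta_graph_counts(adj, start, branches):
    """Instances of a meta-graph made of parallel meta-paths that share both
    endpoints: one instance per branch combines, so per-target counts multiply.
    A single branch is just a meta-path."""
    total = None
    for mp in branches:
        c = meta_path_counts(adj, start, mp)
        total = c if total is None else {k: total[k] * c[k] for k in total if k in c}
    return total


def similarity(adj, i, j, branches):
    """PathSim-style score 2*C(i,j) / (C(i,i) + C(j,j)) over the instance
    counts of a meta-path or meta-graph (the exact measure is an assumption)."""
    ci = meta_graph_counts(adj, i, branches)
    cj = meta_graph_counts(adj, j, branches)
    denom = ci.get(i, 0) + cj.get(j, 0)
    return 2 * ci.get(j, 0) / denom if denom else 0.0


def propagate_labels(adj, nodes, labels, schemes, steps=2):
    """Simplified GCN-style propagation (an assumption, not HinCTI's network):
    each unlabelled node's class vector becomes the similarity-weighted mean of
    its neighbours' vectors, summed over all schemes; labelled nodes are clamped."""
    classes = sorted(set(labels.values()))
    S = {i: {j: sum(similarity(adj, i, j, br) for br in schemes)
             for j in nodes if j != i} for i in nodes}
    H = {n: [1.0 if labels.get(n) == c else 0.0 for c in classes] for n in nodes}
    for _ in range(steps):
        new_H = {}
        for i in nodes:
            tot = sum(S[i].values())
            if i in labels or tot == 0:
                new_H[i] = H[i]
                continue
            new_H[i] = [sum(S[i][j] * H[j][k] for j in S[i]) / tot
                        for k in range(len(classes))]
        H = new_H
    return {n: (classes[max(range(len(classes)), key=lambda k: H[n][k])]
                if any(H[n]) else None) for n in nodes}


def example():
    """Scores d1/d2 under each scheme and infers types for d2, d4 and d5."""
    adj = build_adjacency(EDGES)
    schemes = [[DOM_IP_DOM], [DOM_MAL_DOM], [DOM_IP_DOM, DOM_MAL_DOM]]
    scores = [similarity(adj, "d1", "d2", br) for br in schemes]
    preds = propagate_labels(adj, DOMAINS, LABELS, schemes)
    return scores, preds


if __name__ == "__main__":
    print(example())
```

In the constructed graph d1 and d2 share an IP and a malware sample, so both the single meta-paths and the two-branch meta-graph score them as similar and d2 inherits d1's label; d4 and d5 are each tied to d3 through only one relation, which is still enough for the propagation to assign them d3's type. Because d1 resolves to a second IP, the shared-IP score falls to 2/3 rather than 1, showing how the measure discounts nodes with broad infrastructure.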