University of Twente Student Theses
Retrieving ATT&CK tactics and techniques in cyber threat reports
Legoy, V.S.M. (2019) Retrieving ATT&CK tactics and techniques in cyber threat reports.
Abstract: Threat intelligence sharing has expanded during the last few years, giving cybersecurity professionals access to a large amount of open data. Among these data, the tactics, techniques and procedures (TTPs) related to a cyber threat are particularly valuable, but they are generally found only in unstructured textual reports, so-called Cyber Threat Reports (CTRs). In this study, we evaluate different multi-label text classification models for retrieving TTPs from textual sources, based on the ATT&CK framework, an open knowledge base of adversarial tactics and techniques. We also review several post-processing approaches that use the relationships between the various labels to improve the classification. Our final contribution is a tool able to extract ATT&CK tactics and techniques from a CTR into a structured format which, with more data, could reach a macro-averaged F0.5 score of 80% for the prediction of tactics and over 27.5% for the prediction of techniques.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)
Link to this item: https://purl.utwente.nl/essays/80012