University of Twente Student Theses


Retrieving ATT&CK tactics and techniques in cyber threat reports

Legoy, V.S.M. (2019) Retrieving ATT&CK tactics and techniques in cyber threat reports.

Abstract: Threat intelligence sharing has been expanding during the last few years, giving cybersecurity professionals access to a large amount of open data. Among these data, the tactics, techniques and procedures (TTPs) related to a cyber threat are particularly valuable, but they are generally found in unstructured textual reports, so-called Cyber Threat Reports (CTRs). In this study, we evaluate different multi-label text classification models to retrieve TTPs from textual sources, based on the ATT&CK framework – an open knowledge base of adversarial tactics and techniques. We also review several post-processing approaches that use the relationships between the various labels in order to improve the classification. Our final contribution is the creation of a tool able to extract ATT&CK tactics and techniques from a CTR into a structured format, which, with more data, could reach a macro-averaged F0.5 score of 80% for the prediction of tactics and over 27.5% for the prediction of techniques.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)

