Hyper attack graph: Constructing a hypergraph for cyber threat intelligence analysis

Bibliographic Details
Published in: Computers & security Vol. 149; p. 104194
Main Authors: Jia, Junbo; Yang, Li; Wang, Yuchen; Sang, Anyuan
Format: Journal Article
Language: English
Published: Elsevier Ltd 01-02-2025
Description
Summary: Cybersecurity experts are actively exploring and implementing automated technologies to extract and present attack information from Cyber Threat Intelligence. However, there are multiple relations among security entities within Cyber Threat Intelligence, a feature that existing technologies often overlook. Additionally, integrating external security knowledge into cyber threat intelligence intuitively during analysis and presentation poses challenges. We propose the Hyper Attack Graph (HAG) framework, the first work to apply hypergraph data structures in the analysis of cyber threat intelligence. Our approach uses a joint extraction model that incorporates a multi-head selection mechanism, effectively addressing the extraction of multiple relations among security entities. We use hypergraphs to display tactics and techniques in cyber threat intelligence. Our evaluation of the HAG framework on 685 real-world cyber threat intelligence reports shows an increase in the F1 score for security entity extraction by 11.12% and for relation extraction by 6.71% over existing efforts. Furthermore, HAG’s ability to visually represent external security knowledge on hypergraphs demonstrates its potential as a valuable tool in cybersecurity analysis.
ISSN: 0167-4048
DOI: 10.1016/j.cose.2024.104194