Smart Validator: A framework for automatic identification and classification of cyber threat data

Islam Chadni; Babar M. Ali; Croft RolandJanicke Helge

首页> 外文期刊>Journal of network and computer applications >Smart Validator: A framework for automatic identification and classification of cyber threat data

【24h】

Smart Validator: A framework for automatic identification and classification of cyber threat data

机译：Smart Validator: A framework for automatic identification and classification of cyber threat data

获取原文

获取原文并翻译 | 示例

获取外文期刊封面封底 >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相关主题

摘要

A wide variety of Cyber Threat Information (CTI) is used by Security Operation Centres (SOCs) to perform validation of security incidents and alerts. Security experts manually define different types of rules and scripts based on CTI to perform validation tasks. These rules and scripts need to be updated continuously due to evolving threats, changing SOCs' requirements and dynamic nature of CTI. The manual process of updating rules and scripts delays the response to attacks. To reduce the burden of human experts and accelerate response, we propose a novel Artificial Intelligence (AI) based framework, SmartValidator. SmartValidator leverages Machine Learning (ML) techniques to enable automated validation of alerts. It consists of three layers to perform the tasks of data collection, model building and alert validation. It projects the validation task as a classification problem. Instead of building and saving models for all possible requirements, we propose to automatically construct the validation models based on SOC's requirements and CTI. We built a Proof of Concept (PoC) system with eight ML algorithms, two feature engineering techniques and 18 requirements to investigate the effectiveness and efficiency of SmartValidator. The evaluation results showed that when prediction models were built automatically for classifying cyber threat data, the F1-score of 75% of the models were above 0.8, which indicates adequate performance of the PoC for use in a real-world organization. The results further showed that dynamic construction of prediction models required 99% less models to be built than pre-building models for all possible requirements. Thus, SmartValidator is much more efficient to use when SOCs' requirements and threat behaviour are constantly evolving. The framework can be followed by various industries to accelerate and automate the validation of alerts and incidents based on their CTI and SOC's preferences.

著录项

来源
《Journal of network and computer applications》 |2022年第6期|103370.1-103370.20|共20页
作者
Islam Chadni; Babar M. Ali; Croft RolandJanicke Helge;
展开▼
作者单位

Univ Adelaide, CREST Ctr Res Engn Software Technol, Adelaide, SA, Australia|Cyber Secur Cooperat Res Ctr, Joondalup, WA, Australia;

Cyber Secur Cooperat Res Ctr, Joondalup, WA, Australia;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种英语
中图分类
关键词
Security Operation Centre; Cyber Threat Information; Threat intelligence; Alert validator; Cyber security; Threat data; Security automation; Machine Learning; Artificial Intelligence; Natural language processing;

Smart Validator: A framework for automatic identification and classification of cyber threat data

摘要

著录项

相关主题

期刊订阅