International Journal On Advances in Security, volume 14, numbers 1 and 2, 2021
Automatic Mapping of Threat Information to Adversary Techniques Using Different Datasets
Authors:
Otgonpurev Mendsaikhan
Hirokazu Hasegawa
Yukiko Yamaguchi
Hajime Shimada
Keywords: Multi-label classification; MITRE ATT&CK; Cyber Threat
Abstract:
Along with the growth in the usage of software in almost every aspect of human life, the risks associated with software security vulnerabilities also increase. The average number of software vulnerabilities published daily exceeds the human ability to cope with it; hence, various threat models to generalize the threat landscape have been developed. The most prevalent threat model, MITRE ATT&CK, has proved to be a valuable tool for the security analyst to perform cyber threat intelligence, red and blue teaming, and so on. However, the security analyst must prioritize his/her defense by manually mapping the daily published threat information to the adversarial techniques listed in MITRE ATT&CK for his/her day-to-day operation. This paper proposes a method to automatically map cyber threat information to these techniques using a multi-label classification approach. We conducted four experiments using three publicly available datasets to train and test seven multi-label classification methods and one pre-trained language model on six evaluation measures. According to our estimate, the LabelPowerset method with Multilayer Perceptron as the base classifier performs best in our experiment.
Pages: 37 to 47
Copyright: Copyright (c) to authors, 2021. Used with permission.
Publication date: December 31, 2021
Published in: journal
ISSN: 1942-2636