Creating Proactive Cyber Threat Intelligence with Hacker Exploit Labels: A Deep Transfer Learning Approach

IF 7 2区管理学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Mis Quarterly Pub Date : 2024-03-01 DOI:10.25300/misq/2023/17316

Benjamin M. Ampel, Sagar Samtani, Hongyi Zhu, Hsinchun Chen

{"title":"Creating Proactive Cyber Threat Intelligence with Hacker Exploit Labels: A Deep Transfer Learning Approach","authors":"Benjamin M. Ampel, Sagar Samtani, Hongyi Zhu, Hsinchun Chen","doi":"10.25300/misq/2023/17316","DOIUrl":null,"url":null,"abstract":"<style>#html-body [data-pb-style=YM00THS]{justify-content:flex-start;display:flex;flex-direction:column;background-position:left top;background-size:cover;background-repeat:no-repeat;background-attachment:scroll}</style>The rapid proliferation of complex information systems has been met by an ever-increasing quantity of exploits that can cause irreparable cyber breaches. To mitigate these cyber threats, academia and industry have placed a significant focus on proactively identifying and labeling exploits developed by the international hacker community. However, prevailing approaches for labeling exploits in hacker forums do not leverage metadata from exploit darknet markets or public exploit repositories to enhance labeling performance. In this study, we adopted the computational design science paradigm to develop a novel information technology artifact, the deep transfer learning exploit labeler (DTL-EL). DTL-EL incorporates a pre-initialization design, multi-layer deep transfer learning (DTL), and a self-attention mechanism to automatically label exploits in hacker forums. We rigorously evaluated the proposed DTL-EL against state-of-the-art non-DTL benchmark methods based in classical machine learning and deep learning. Results suggest that the proposed DTL-EL significantly outperforms benchmark methods based on accuracy, precision, recall, and F1-score. Our proposed DTL-EL framework provides important practical implications for key stakeholders such as cybersecurity managers, analysts, and educators.","PeriodicalId":49807,"journal":{"name":"Mis Quarterly","volume":"66 4 1","pages":""},"PeriodicalIF":7.0000,"publicationDate":"2024-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Mis Quarterly","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.25300/misq/2023/17316","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The rapid proliferation of complex information systems has been met by an ever-increasing quantity of exploits that can cause irreparable cyber breaches. To mitigate these cyber threats, academia and industry have placed a significant focus on proactively identifying and labeling exploits developed by the international hacker community. However, prevailing approaches for labeling exploits in hacker forums do not leverage metadata from exploit darknet markets or public exploit repositories to enhance labeling performance. In this study, we adopted the computational design science paradigm to develop a novel information technology artifact, the deep transfer learning exploit labeler (DTL-EL). DTL-EL incorporates a pre-initialization design, multi-layer deep transfer learning (DTL), and a self-attention mechanism to automatically label exploits in hacker forums. We rigorously evaluated the proposed DTL-EL against state-of-the-art non-DTL benchmark methods based in classical machine learning and deep learning. Results suggest that the proposed DTL-EL significantly outperforms benchmark methods based on accuracy, precision, recall, and F1-score. Our proposed DTL-EL framework provides important practical implications for key stakeholders such as cybersecurity managers, analysts, and educators.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

利用黑客漏洞标签创建前瞻性网络威胁情报：深度迁移学习方法

#html-body[data-pb-style=YM00THS]{justify-content:flex-start;display:flex;flex-direction:column;background-position:left-top;background-size:cover;background-repeat:no-repeat;background-attachment:scroll}随着复杂信息系统的迅速发展，可造成不可挽回的网络漏洞的漏洞数量也在不断增加。为了减轻这些网络威胁，学术界和工业界都非常重视主动识别和标记国际黑客社区开发的漏洞。然而，对黑客论坛中的漏洞进行标注的主流方法并没有利用漏洞暗网市场或公共漏洞库中的元数据来提高标注性能。在本研究中，我们采用计算设计科学范式开发了一种新型信息技术工具--深度转移学习漏洞利用标签器（DTL-EL）。DTL-EL 融合了预初始化设计、多层深度迁移学习（DTL）和自我关注机制，可自动标记黑客论坛中的漏洞。我们对照基于经典机器学习和深度学习的最先进的非DTL基准方法，对所提出的DTL-EL进行了严格评估。结果表明，基于准确度、精确度、召回率和 F1 分数，拟议的 DTL-EL 明显优于基准方法。我们提出的 DTL-EL 框架为网络安全管理人员、分析师和教育工作者等关键利益相关者提供了重要的实际意义。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Mis Quarterly 工程技术-计算机：信息系统

CiteScore

13.30

自引率

4.10%

发文量

审稿时长

6-12 weeks

期刊介绍： Journal Name: MIS Quarterly Editorial Objective: The editorial objective of MIS Quarterly is focused on: Enhancing and communicating knowledge related to: Development of IT-based services Management of IT resources Use, impact, and economics of IT with managerial, organizational, and societal implications Addressing professional issues affecting the Information Systems (IS) field as a whole Key Focus Areas: Development of IT-based services Management of IT resources Use, impact, and economics of IT with managerial, organizational, and societal implications Professional issues affecting the IS field as a whole