Benjamin M. Ampel, Sagar Samtani, Hongyi Zhu, Hsinchun Chen
{"title":"利用黑客漏洞标签创建前瞻性网络威胁情报:深度迁移学习方法","authors":"Benjamin M. Ampel, Sagar Samtani, Hongyi Zhu, Hsinchun Chen","doi":"10.25300/misq/2023/17316","DOIUrl":null,"url":null,"abstract":"<style>#html-body [data-pb-style=YM00THS]{justify-content:flex-start;display:flex;flex-direction:column;background-position:left top;background-size:cover;background-repeat:no-repeat;background-attachment:scroll}</style>The rapid proliferation of complex information systems has been met by an ever-increasing quantity of exploits that can cause irreparable cyber breaches. To mitigate these cyber threats, academia and industry have placed a significant focus on proactively identifying and labeling exploits developed by the international hacker community. However, prevailing approaches for labeling exploits in hacker forums do not leverage metadata from exploit darknet markets or public exploit repositories to enhance labeling performance. In this study, we adopted the computational design science paradigm to develop a novel information technology artifact, the deep transfer learning exploit labeler (DTL-EL). DTL-EL incorporates a pre-initialization design, multi-layer deep transfer learning (DTL), and a self-attention mechanism to automatically label exploits in hacker forums. We rigorously evaluated the proposed DTL-EL against state-of-the-art non-DTL benchmark methods based in classical machine learning and deep learning. Results suggest that the proposed DTL-EL significantly outperforms benchmark methods based on accuracy, precision, recall, and F1-score. Our proposed DTL-EL framework provides important practical implications for key stakeholders such as cybersecurity managers, analysts, and educators.","PeriodicalId":49807,"journal":{"name":"Mis Quarterly","volume":"66 4 1","pages":""},"PeriodicalIF":7.0000,"publicationDate":"2024-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Creating Proactive Cyber Threat Intelligence with Hacker Exploit Labels: A Deep Transfer Learning Approach\",\"authors\":\"Benjamin M. Ampel, Sagar Samtani, Hongyi Zhu, Hsinchun Chen\",\"doi\":\"10.25300/misq/2023/17316\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<style>#html-body [data-pb-style=YM00THS]{justify-content:flex-start;display:flex;flex-direction:column;background-position:left top;background-size:cover;background-repeat:no-repeat;background-attachment:scroll}</style>The rapid proliferation of complex information systems has been met by an ever-increasing quantity of exploits that can cause irreparable cyber breaches. To mitigate these cyber threats, academia and industry have placed a significant focus on proactively identifying and labeling exploits developed by the international hacker community. However, prevailing approaches for labeling exploits in hacker forums do not leverage metadata from exploit darknet markets or public exploit repositories to enhance labeling performance. In this study, we adopted the computational design science paradigm to develop a novel information technology artifact, the deep transfer learning exploit labeler (DTL-EL). DTL-EL incorporates a pre-initialization design, multi-layer deep transfer learning (DTL), and a self-attention mechanism to automatically label exploits in hacker forums. We rigorously evaluated the proposed DTL-EL against state-of-the-art non-DTL benchmark methods based in classical machine learning and deep learning. Results suggest that the proposed DTL-EL significantly outperforms benchmark methods based on accuracy, precision, recall, and F1-score. Our proposed DTL-EL framework provides important practical implications for key stakeholders such as cybersecurity managers, analysts, and educators.\",\"PeriodicalId\":49807,\"journal\":{\"name\":\"Mis Quarterly\",\"volume\":\"66 4 1\",\"pages\":\"\"},\"PeriodicalIF\":7.0000,\"publicationDate\":\"2024-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Mis Quarterly\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://doi.org/10.25300/misq/2023/17316\",\"RegionNum\":2,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Mis Quarterly","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.25300/misq/2023/17316","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
摘要
#html-body[data-pb-style=YM00THS]{justify-content:flex-start;display:flex;flex-direction:column;background-position:left-top;background-size:cover;background-repeat:no-repeat;background-attachment:scroll}随着复杂信息系统的迅速发展,可造成不可挽回的网络漏洞的漏洞数量也在不断增加。为了减轻这些网络威胁,学术界和工业界都非常重视主动识别和标记国际黑客社区开发的漏洞。然而,对黑客论坛中的漏洞进行标注的主流方法并没有利用漏洞暗网市场或公共漏洞库中的元数据来提高标注性能。在本研究中,我们采用计算设计科学范式开发了一种新型信息技术工具--深度转移学习漏洞利用标签器(DTL-EL)。DTL-EL 融合了预初始化设计、多层深度迁移学习(DTL)和自我关注机制,可自动标记黑客论坛中的漏洞。我们对照基于经典机器学习和深度学习的最先进的非DTL基准方法,对所提出的DTL-EL进行了严格评估。结果表明,基于准确度、精确度、召回率和 F1 分数,拟议的 DTL-EL 明显优于基准方法。我们提出的 DTL-EL 框架为网络安全管理人员、分析师和教育工作者等关键利益相关者提供了重要的实际意义。
Creating Proactive Cyber Threat Intelligence with Hacker Exploit Labels: A Deep Transfer Learning Approach
The rapid proliferation of complex information systems has been met by an ever-increasing quantity of exploits that can cause irreparable cyber breaches. To mitigate these cyber threats, academia and industry have placed a significant focus on proactively identifying and labeling exploits developed by the international hacker community. However, prevailing approaches for labeling exploits in hacker forums do not leverage metadata from exploit darknet markets or public exploit repositories to enhance labeling performance. In this study, we adopted the computational design science paradigm to develop a novel information technology artifact, the deep transfer learning exploit labeler (DTL-EL). DTL-EL incorporates a pre-initialization design, multi-layer deep transfer learning (DTL), and a self-attention mechanism to automatically label exploits in hacker forums. We rigorously evaluated the proposed DTL-EL against state-of-the-art non-DTL benchmark methods based in classical machine learning and deep learning. Results suggest that the proposed DTL-EL significantly outperforms benchmark methods based on accuracy, precision, recall, and F1-score. Our proposed DTL-EL framework provides important practical implications for key stakeholders such as cybersecurity managers, analysts, and educators.
期刊介绍:
Journal Name: MIS Quarterly
Editorial Objective:
The editorial objective of MIS Quarterly is focused on:
Enhancing and communicating knowledge related to:
Development of IT-based services
Management of IT resources
Use, impact, and economics of IT with managerial, organizational, and societal implications
Addressing professional issues affecting the Information Systems (IS) field as a whole
Key Focus Areas:
Development of IT-based services
Management of IT resources
Use, impact, and economics of IT with managerial, organizational, and societal implications
Professional issues affecting the IS field as a whole
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
